

How was an iMessage vulnerability used to hack dozens of journalists' iPhones?


A new report by the University of Toronto's Citizen Lab revealed that an unknown vulnerability in the iMessage app was exploited to hack the iPhones of dozens of journalists. The attacks occurred in July and August 2020, when government agents used Pegasus to hack 36 personal phones belonging to journalists, producers, reporters and executives at Al Jazeera. The phone of a journalist at London-based Al Araby TV was also hacked.

Developed by NSO Group, Pegasus is a phone surveillance and espionage solution that enables customers to remotely exploit and monitor devices. NSO Group produces and supplies surveillance technologies to governments around the world, and its products have been linked to surveillance and espionage abuses.

How were the iPhones hacked through this vulnerability?

The journalists' phones were hacked using an exploit chain called KISMET, which appears to involve an unknown zero-click vulnerability in the iMessage app. KISMET worked against what was then the latest version of iOS 13, iOS 13.5.1, and could have been used to hack Apple's newest iPhone at the time, the iPhone 11.

Logs from hacked iPhones collected by Citizen Lab researchers indicate that a number of NSO Group customers also used the same vulnerability between October and December 2019, which suggests that it went undetected and unfixed for a long period of time.

This is evidence that NSO Group no longer relies on malicious SMS messages to hack target phones. It has recently shifted towards other techniques, such as zero-click exploits and network-based attacks, which allow phones to be hacked without any interaction from the target and without leaving any visible traces.

The 2019 WhatsApp hack, in which at least 1,400 phones were targeted through a voice-call vulnerability, is one example of this shift.

This is what happened with the hacked iPhones: once the spyware is implanted, the target iPhone begins to upload large amounts of data, sometimes totalling hundreds of megabytes, without the user's knowledge.

The uploaded data is believed to have included ambient audio recorded by the phone's microphone, the content of encrypted phone calls, images captured by the phone's camera, the phone's geographical location, as well as any passwords stored in the phone.

What is Apple's response?

So far there is no evidence that KISMET can be exploited on iOS 14 or later versions, as this version focuses on significantly improving security features and privacy protection. All iPhone owners should therefore update immediately to the latest available version of iOS 14.

"It cannot independently verify Citizen Lab's work, and it is constantly enhancing the security of users' data and devices, and has urged its customers to install the latest version of their device operating systems to protect themselves and their data," Apple said.