The iPhones of dozens of employees of the Al-Jazeera news channel were reportedly spied on in 2019 and 2020, thanks to sophisticated spy tools provided by the Israeli company NSO Group. The accusation, which is based on a thorough technical analysis, carried out directly from certain iPhones of the journalists in question, is made by the Citizen Lab in Toronto, which brings together computer security experts specializing in spyware.
They published, Sunday, December 20, a report detailing the methods with which the journalists of the Qatari channel were spied directly on their devices. This more particularly during an attack “Coordinate” perpetrated in July and August 2020. “Government officials” would then have used “The Pegasus spy software” of NSO Group to spy on 36 personal smartphones belonging to journalists, producers, presenters or senior executives of Al-Jazeera. The iPhone of a London reporter from Al Araby TV was also targeted, the report added.
Page Contents
Zero click infections
Citizen Lab researchers – who had already revealed the existence of Pegasus in 2016 – note a particularly worrying development in the modus operandi of the people who carried out this attack. The infection by the Pegasus software took place, according to them, thanks to a technique based on security vulnerabilities in recent Apple software and devices (iPhone 11 or XS Max), then running under iOS 13, the operating system more up to date at the time of attacks.
These hacks were made possible because of a “zero click” vulnerability, which did not require the user to be tricked with a fraudulent link sent, for example, by SMS. According to the explanations given by the Citizen Lab, it is from a simple notification appeared on the iPhone in question, generated from infected applications previously installed, that the malware could then have infected the device in order to collect and transmit data.
On the iPhone 11 of an investigative reporter from Al-Jazeera analyzed by the Citizen Lab, the researchers argue that the Pegasus software, which they found traces, could have discreetly recorded sound thanks to the microphone of the device (and therefore listen to phone calls) or take pictures.
It also appears that the geolocated data of the devices, or of the usernames and passwords saved locally, could have been accessed remotely. “It turned journalists’ iPhones into powerful surveillance tools, without even having to trick their users into clicking links.” malicious, explains the Citizen Lab.
NSO Group does not comment
These flaws seem to have since been corrected. Contacted by the Citizen Lab, Apple explained that they were investigating in order to verify the data and information exposed by the researchers. The firm also explained to the Associated Press agency that the latest version of its operating system for iPhone (iOS 14, released in September) included “New protections” intended to prevent “The kind of attacks” described by the Citizen Lab. The latter strongly advises, in its report, to install the iOS 14 update on compatible Apple devices to avoid being infected by software such as those from NSO Group.
For its part, NSO Group told the Associated Press and the British daily The Guardian do not “To be able to comment” Citizen Lab information, for lack of being able to study them in detail for the moment. The Israeli company also claimed in its statements to the press that it is only providing its surveillance technologies for the sole purpose of enabling “Government agencies” to carry out anti-terrorism or organized crime operations. And promises that in case of “Credible evidence” concerning “Misuse” of its monitoring software, all “Necessary decisions Will be taken to investigate the matter.
NSO Group is regularly accused of providing tools that are incompatible with respect for human rights, as it has notably enabled the spying of journalists and political opponents in similar cases, whether in Morocco, Togo, or even , as revealed The world recently in Mexico.
In October 2019, Facebook-owned WhatsApp filed a complaint directly against NSO Group for allowing the use of a security flaw in its app, which allegedly led to the spying of journalists or human rights activists. The infection took place from a “missed call” made on WhatsApp, which allowed the recipient of the call to be infected even if he did not answer the call.
Saudi Arabia suspected
While it is still extremely difficult to define who precisely ordered a computer attack, the Citizen Lab report provides technical information. He explains that the spotted spyware sent data to servers in Saudi Arabia and the United Arab Emirates. Contacted by Associated Press, the authorities of the two countries had not reacted to this information, Monday, December 21.
In the past, Saudi Arabia has repeatedly been accused of using NSO Group’s tools in espionage operations. One of these accusations concerns a well-known case, that of the smartphone of Jeff Bezos, the boss of Amazon, which would have been infected on behalf of the kingdom thanks to tools provided by NSO Group, according to information gathered by two rapporteurs United Nations specials on the subject.
For three years, relations between Saudi Arabia, the United Arab Emirates and Al-Jazeera, a news channel created by Qatar, have clearly deteriorated, in line with the severance of diplomatic ties between Qatar and these two country. In June 2017, Saudi Arabia ordered the closure of Al-Jazeera offices in its country. The channel has since been accused of“Incitement to hatred” and of “Subversion”. The outright shutdown of Al-Jazeera currently remains one of the conditions formulated by a coalition of Saudi Arabia, the United Arab Emirates, Bahrain and Egypt for the re-establishment of diplomatic ties with Qatar.
