Zero-click iMessage flaw ‘used to hack journalists’ iPhones’
It’s the scariest kind of hack – one that doesn’t involve you clicking on a link or otherwise interacting with your phone, or making any kind of human error at all. All that’s required is for the hacker to send you a specially formatted message.
The hack in question was discovered by Citizen Lab at the University of Toronto and allegedly used by NSO Group, an Israeli company that sells advanced electronic espionage tech to dictatorships around the world. Citizen Lab says it has managed to confirm that journalists and other employees at the Al Jazeera television station in Qatar were targets of NSO’s Pegasus spyware, as well as a journalist at Al Araby TV in London. The lab attributes the hacks to orders from Saudi Arabia and the United Arab Emirates.
Citizen Lab believes this group constitutes only a small minority of those who may have been targets for NSO Group’s Pegasus spyware.
The story was uncovered when a journalist suspected that his phone had been hacked and contacted Citizen Lab. The lab installed a special VPN app which revealed the hidden contact with NSO Group’s servers.
The bug in iMessage that allowed these hacks to take place is understood to have been fixed in iOS 14 and Citizen Lab urges all users to update to the latest version of the system.
For detailed advice on protecting your phone from attack, read our iPhone security tips.
This article originally appeared on Macworld Sweden. Translation by David Price.