A zero-click iMessage vulnerability, which remained unpatched for around year may have been used by Middle Eastern governments to target journalists. According to reports the vulnerability was of zero-click nature, which means it did not require the user to take any action and could become active on the target device by only receiving a text message.
The vulnerability that is dubbed by Citizen Lab as KISMET is said to have been used by Saudi Arabia and United Arab Emirates governments to target journalists working for Al Jazeera, a Qatari news organization. Around 36 people working for the organization may have been targeted by this hack.
The spyware that was used to take advantage of this particular iMessage vulnerability was developed by the Israeli company NSO Group. While the report focuses on a few dozen or so journalists that have been targeted by this hack, experts at Citizen Lab suspect that the same could have been used to target more victims.
The iMessage hack could be used to target almost every iPhone model provided it was running the version of iOS operating system prior to iOS 14. This means all versions of iOS 13 or earlier were vulnerable to this hack, after Apple finally closed the vulnerability with the September release of iOS 14.
Traces of this hack being used have been found as early as October and December 2019 in compromised devices and confirmed to be working in iOS 13.5.1 and iPhone 11. New iPhones that includes the iPhone 12 lineup are not vulnerable to this hack, as they come with iOS 14 or later out of the box. Those devices that have been updated to iOS 14 are also not vulnerable.
The hack was discovered when one of the journalists who had been victim of the hack approached Citizen Lab and asked them to check if he has been hacked. After installing a VPN on the victim’s iPhone, Citizen Lab monitored the incoming and outgoing communications and determined that the exploit was being used intercept communication and phone connected to a server hosting NSO Group’s Pegasus spyware
While average user does not need to be worried about this hack, it is always a great idea to keep your device updated to the latest version of iOS in order to make sure your device is not vulnerable to any hacks. (via)
Find more tips on how to keep your iPhone secure from hackers in the video below.