New report: NSO used iOS vulnerability to hack into journalists’ iPhones

The Citizen Lab research institute claims that the Israeli offensive cyber company used a zero-click vulnerability to hack into journalists’ iPhones. NSO: “Citizen Lab continues to publish reports based on false and biased speculations and lacking any factual basis”

NSO Management. Source: PR

After receiving “praise” from the president of Microsoft, the Israeli NSO Group is now accused by the Citizen Lab Institute at the University of Toronto of exploiting a security vulnerability in iPhones to hack into dozens of journalists’ devices.

Dozens of journalists’ devices were hacked

According to a report by Citizen Lab, the Israeli offensive cyber company used a security vulnerability it found in Apple’s operating system, iOS, to hack into 36 journalists’ devices in July and August 2020. The iOS vulnerability that, according to Citizen Lab, NSO used to hack into the devices was named Kismet.

Citizen Lab says that Kismet is a zero-click vulnerability in Apple’s messaging software, iMessage, which means it could be exploited without the victim clicking on a link. According to the researchers, the vulnerability was used to install the company’s well-known tool, Pegasus, on journalists’ devices in order to gain full access to them. Among other things, the report claimed that the vulnerability allowed NSO personnel to hack into the devices by sending an iMessage message that the victims did not have to click on at all, gain access to all the information stored on the devices, and disappear without leaving a trace.

In the report, the researchers wrote: “We believe that (at best) this version of Pegasus had the ability to track device locations, access passwords and access information stored on the device, record sound from the device’s microphone, both as a ‘hot microphone’ when not in use and from encrypted conversations made on it, and take photographs with the device’s camera.”

According to the report, the vulnerability existed for about a year in version 13.5.1 of iOS and affected all devices up to the iPhone 11, which was then the newest. The vulnerability was fixed when the operating system was updated to version 14 last September.

Although, according to the institute’s researchers, the actual hacking of the devices was allegedly carried out only in July and August of this year, NSO was using the security vulnerability as early as October-December of last year.



Citizen Lab has called on all iPhone owners who have not yet updated their operating system to iOS 14 to do so, to avoid exposure to security vulnerabilities that quite a few other players can take advantage of. According to the research institute, the report and the information gathered about the security vulnerability were also passed on to Apple, which confirmed that the issue would be investigated.

In response to Giktiim’s request, NSO provided the following response: “Citizen Lab continues to publish reports that are based on erroneous and biased speculations and lack any factual basis. From partial information that we have received so far from journalists (since Citizen Lab again chose to act with basic dishonesty and not send us the report), this report also seems to have no factual basis, and as stated, we will not be able to respond to the report we have not yet read.

Citizen Lab is apparently unaware of the existence of other companies in the cyber field, and although we are proud that NSO is a world leader in its field in the world, we would like to emphasize that not every event is necessarily related to us. NSO develops products that enable state security authorities to deal with terrorism and serious crime, and as previously stated, we do not operate the technology and are not exposed to any information held by the customer. At the same time, when we receive reliable and trustworthy information about improper use of our systems, which was carried out in violation of a contract with us, we open an extensive and in-depth investigation, in accordance with the policy of compliance and regulation we have taken upon ourselves.”

Oshri Alexelsi
