Journalists iPhones compromised working for Al Jazeera

The iPhones of three dozen journalists working for Al Jazeera were hacked using iMessage zero-click exploit to install spyware as part of a Middle East cyberespionage campaign.

Researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage.

Pegasus spyware is developed by Israeli private intelligence firm NSO Group and allows an attacker to access sensitive data stored on a target device — all without the victim's knowledge. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage.

NSO said it was unable to comment on the allegations as it had not seen the report, but declined to say when asked if Saudi Arabia or the UAE were customers or describe what processes - if any - it puts in place to prevent customers from targeting journalists.

It is reported that the exploit chain called KISMET, a zero-day present in iOS 13.5.1 could be used to break Apple's security protections. Citizen Lab said the 36 phones in question were hacked by four distinct "clusters" or NSO operators with probable ties to the Saudi and the United Arab Emirates governments.