A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab

A Bahraini human rights activist’s iPhone was silently hacked earlier this year by a powerful spyware sold to nation-states, defeating new security protections that Apple designed to withstand covert compromises, say researchers at Citizen Lab.

The activist, who remains in Bahrain and asked not to be named, is a member of the Bahrain Center for Human Rights, an award-winning nonprofit organization that promotes human rights in the Gulf state. The group continues to operate despite a ban imposed by the kingdom in 2004 following the arrest of its director for criticizing the country’s then-prime minister.

Citizen Lab, the internet watchdog based at the University of Toronto, analyzed the activist’s iPhone 12 Pro and found evidence that it was hacked starting in February using a so-called “zero-click” attack, since it does not require any user interaction to infect a victim’s device. The zero-click attack took advantage of a previously unknown security vulnerability in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone.

The hack is significant, not least because Citizen Lab researchers said it found evidence that the zero-click attack successfully exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But the hacks also circumvent a new software security feature built into all versions of iOS 14, dubbed BlastDoor, which is supposed to prevent these kinds of device hacks by filtering malicious data sent over iMessage.

Because of its ability to circumvent BlastDoor, the researchers called this latest exploit ForcedEntry.

Citizen Lab’s Bill Marczak told TechCrunch that the researchers made Apple aware of the efforts to target and exploit up-to-date iPhones. When reached by TechCrunch, Apple would not explicitly say if it had found and fixed the vulnerability that NSO is exploiting.

In a boilerplate statement re-released Tuesday, Apple’s head of security engineering and architecture Ivan Krstic said: “Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place … Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Read more on TechCrunch

A spokesperson for Apple said BlastDoor was not the end of its efforts to secure iMessage and that it has strengthened its defenses in iOS 15, which is slated for release in the next month or so.

Citizen Lab said the Bahraini government was likely behind the targeting of the Bahraini human rights activist, as well as eight other Bahraini activists between June 2020 and February 2021.

Bahrain is one of several authoritarian states known to be government customers of Pegasus, including Saudi Arabia, Rwanda, the United Arab Emirates and Mexico; though, NSO has repeatedly declined to name or confirm its dozens of customers, citing nondisclosure agreements.

Five of the targeted Bahrainis’ phone numbers were found on the Pegasus Project list of 50,000 phone numbers of potential surveillance targets of the Pegasus spyware, which gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and location.

One of those listed phone numbers belongs to another member of the Bahrain Center for Human Rights, which Citizen Lab said was targeted months earlier and with a different zero-click exploit, called Kismet, which predates ForcedEntry. Citizen Lab says Kismet no longer works on iOS 14 and later since BlastDoor was introduced, but still poses a risk to devices running older iPhone versions.

Two other Bahrainis, who now live in exile in London and consented to be named, also had their iPhones hacked.

Moosa Abd-Ali, a photojournalist who was previously targeted by FinFisher spyware sold to the Bahraini government, had his iPhone hacked while living in London. Citizen Lab said it has only seen the Bahraini government spy in Bahrain and in neighboring Qatar, and said it suspects that another foreign government with access to Pegasus may have been responsible for the hack. Recent reporting found the United Arab Emirates, a close ally of Bahrain, is the “principal government” for selecting phone numbers in the U.K. Abd-Ali’s phone number was also on the list of 50,000 phone numbers.

Bahraini activist Yusuf Al-Jamri also had his iPhone hacked, believed by the Bahraini government, some time before September 2019, though it is not known if Al-Jamri’s iPhone was hacked while in Bahrain or the UAE, before he was granted asylum in the U.K. in 2017.

The seven unnamed Bahrainis continue to work in the kingdom despite a long history of human rights violations, internet censorship and widespread oppression. Reporters Without Borders ranks Bahrain’s human rights record as one of the most restrictive in the world, ranked only behind Iran, China and North Korea. A 2020 report by the U.S. State Department on Bahrain’s human rights said the country cited considerable violations and abuses, and noted that the government “used computer programs to surveil political activists and members of the opposition inside and outside the country.”

When reached, NSO Group did not answer specific questions nor would it say if the Bahraini government was a customer. In a statement attributed only as an NSO spokesperson sent via its external public relations firm Mercury, NSO said that it had not seen Citizen Lab’s findings and that it would “vigorously investigate the claims and act accordingly based on the findings.”

NSO recently claimed it cut off five government customers’ access to Pegasus for human rights abuses.

Zainab Al-Nasheet, a spokesperson for the Bahraini government, told TechCrunch in a statement: “These claims are based on unfounded allegations and misguided conclusions. The government of Bahrain is committed to safeguarding the individuals’ rights and freedoms.”

Abd-Ali, who said he was arrested and tortured in Bahrain, said that he thought he would find safety in the U.K. but that he still encounters digital surveillance but also physical attacks, as many victims of spyware experience.

“Instead of protecting me, the U.K. government has stayed silent while three of their close allies — Israel, Bahrain and the UAE — conspired to invade the privacy of myself and dozens of other activists,” he said.


You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop.

#apple, #bahrain, #espionage, #government, #imessage, #iphone, #nso-group, #pegasus, #privacy, #security, #spyware, #united-arab-emirates

A new ‘digital violence’ platform maps dozens of victims of NSO Group’s spyware

For the first time, researchers have mapped all the known targets, including journalists, activists, and human rights defenders, whose phones were hacked by Pegasus, a spyware developed by NSO Group.

Forensic Architecture, an academic unit at Goldsmiths, University of London that investigates human rights abuses, scoured dozens of reports from human rights groups, carried out open-source research and interviewed dozens of the victims themselves to reveal over a thousand data points, including device infections, which show relations and patterns between digital surveillance carried out by NSO’s government customers, and the real-world intimidation, harassment and violence that the victims are also subject to.

By mapping out these data points on a bespoke platform, the researchers can show how nation-states, which use Pegasus to spy on their victims, also often target other victims in their networks and are entangled with assaults, arrests, and disinformation campaigns against the targets but also their families, friends, and colleagues.

Although the thousand-plus data points only present a portion of the overall use of Pegasus by governments, the project aims to provide researchers and investigators the tools and data of NSO’s activities worldwide, which the spyware maker goes to great lengths to keep out of the public eye.

Pegasus “activates your camera, your microphone, all that which forms an integral part of your life.” Mexican journalist Carmen Aristegui

Israel-based NSO Group develops Pegasus, a spyware that allows its government customers near-unfettered access to a victim’s device, including their personal data and their location. NSO has repeatedly declined to name its customers but reportedly has government contracts in at least 45 countries, said to include Rwanda, Israel, Bahrain, Saudi Arabia, Mexico, and the United Arab Emirates — all of which have been accused of human rights abuses — as well as Western nations, like Spain.

Forensic Architecture’s researcher-in-charge Shourideh Molavi said the new findings reveal “the extent to which the digital domain we inhabit has become the new frontier of human rights violations, a site of state surveillance and intimidation that enables physical violations in real space.”

The platform presents visual timelines of how victims are targeted by both spyware and physical violence as part of government campaigns to target their most outspoken critics.

Omar Abdulaziz, a Saudi video blogger and activist living in exile in Montreal, had his phone hacked in 2018 by the Pegasus malware. Shortly after Saudi emissaries tried to convince Abdulaziz to return  to the kingdom, his phone was hacked. Weeks later, two of his brothers in Saudi Arabia were arrested and his friends detained.

Abdulaziz, a confidant of Washington Post journalist Jamal Khashoggi whose murder was approved by Saudi’s de facto ruler Crown Prince Mohammed bin Salman, also had information about his Twitter account obtained by a “state-sponsored” actor, which later transpired to be a Saudi spy employed by Twitter. It was this stolen data, which included Abdulaziz’s phone number, that helped the Saudis penetrate his phone and read his messages with Khashoggi in real-time, Yahoo News reported this week.

Omar Abdulaziz is one of dozens of known victims of digital surveillance by a nation state. Blue dots represent digital intrusions and red dots indicate physical events, such as harassment or violence. (Image: Forensic Architecture/supplied)

Mexican journalist Carmen Aristegui is another known victim, whose phone was hacked several times over 2015 and 2016 by a government customer of Pegasus, likely Mexico. The University of Toronto’s Citizen Lab found that her son, Emilio, a minor at the time, also had his phone targeted while he lived in the United States. The timeline of the digital intrusions against Aristegui, her son, and her colleagues show that the hacking efforts intensified following their exposure of corruption by Mexico’s then-president Enrique Peña Nieto.

“It’s a malware that activates your camera, your microphone, all that which forms an integral part of your life,” said Aristegui in an interview with journalist and filmmaker Laura Poitras, who contributed to the project. Speaking of her son whose phone was targeted, Aristegui said: “To know that a kid who is simply going about his life, and going to school tells us about the kinds of abuse that a state can exert without counterweight.” (NSO has repeatedly claimed it does not target phones in the United States, but offers a similar technology to Pegasus, dubbed Phantom, through U.S.-based subsidiary, Westbridge Technologies.)

“A phenomenal damage is caused to the journalistic responsibility when the state — or whoever — uses these systems of ‘digital violence’,” said Aristegui. “It ends up being a very damaging element for journalists, which affects the right of a society to keep itself informed.”

The timeline also shows the digital targeting (in blue) of Carmen Aristegui, her family, and her colleagues, entangled with break-ins at their office, intimidation, and disinformation campaigns (in red). (Image: Forensic Architecture/supplied)

The platform also draws on recent findings from an Amnesty International investigation into NSO Group’s corporate structure, which shows how NSO’s spyware has proliferated to states and governments using a complex network of companies to hide its customers and activities. Forensic Architecture’s platform follows the trail of private investment since NSO’s founding in 2015, which “likely enabled” the sale of the spyware to governments that NSO would not ordinarily have access to because of Israeli export restrictions.

“NSO Group’s Pegasus spyware needs to be thought of and treated as a weapon developed, like other products of Israel’s military industrial complex, in the context of the ongoing Israeli occupation. It is disheartening to see it exported to enable human rights violations worldwide,” said Eyal Weizman, director of Forensic Architecture.

The platform launched shortly after NSO published its first so-called transparency report this week, which human rights defenders and security researchers panned as devoid of any meaningful detail. Amnesty International said the report reads “more like a sales brochure.”

In a statement, NSO Group said it cannot comment on research it has not seen, but claimed it “investigates all credible claims of misuse, and NSO takes appropriate action based on the results of its investigations.”

NSO Group maintained that its technology “cannot be used to conduct cybersurveillance within the United States, and no customer has ever been granted technology that would enable them to access phones with U.S. numbers,” and declined to name any of its government customers.


You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more

#amnesty-international, #bahrain, #espionage, #forensic-architecture, #government, #jamal-khashoggi, #malware, #nso-group, #pegasus, #president, #privacy, #security, #spy, #spyware

They Relied on Chinese Vaccines. Now They’re Battling Outbreaks.

More than 90 countries are using Covid shots from China. Experts say recent infections in those places should serve as a cautionary tale in the global effort to fight the disease.

#bahrain, #china, #coronavirus-2019-ncov, #disease-rates, #mongolia, #seychelles-islands, #vaccination-and-immunization

A Decade After the Arab Spring, Autocrats Still Rule the Mideast

The popular uprisings of 2011 mostly failed, but they gave the region a taste for democracy that continues to whet an appetite for change.

#assad-bashar-al, #bahrain, #ben-ali-zine-el-abidine, #cairo-egypt, #iran, #iraq, #jordan, #lebanon, #middle-east, #middle-east-and-north-africa-unrest-2010, #mubarak-hosni, #muslim-brotherhood-egypt, #muslims-and-islam, #nahyan-mohamed-bin-zayed-al-1961, #obama-barack, #politics-and-government, #qaddafi-muammar-el, #russia, #saudi-arabia, #sudan, #syria, #tahrir-square-cairo, #trump-donald-j, #tunisia, #turkey, #united-arab-emirates, #united-states, #united-states-international-relations, #war-and-armed-conflicts, #yemen

Kuwait Says Saudi Arabia Will Reopen Borders With Qatar

The announcement by Kuwait was not confirmed by Saudi Arabia, which has led a Gulf boycott of Qatar for more than three years.

#bahrain, #egypt, #embargoes-and-sanctions, #mohammed-bin-salman-1985, #qatar, #qatar-airways, #saudi-arabia, #united-arab-emirates

Trump Incentives for Signing Peace Accords With Israel Could Be at Risk

Diplomatic sweeteners for joining the Abraham Accords that were offered to Morocco, Sudan and the United Arab Emirates could be rejected by Congress or reversed by the incoming Biden administration.

#bahrain, #economic-conditions-and-trends, #houthis, #israel, #morocco, #peace-process, #presidential-election-of-2020, #saudi-arabia, #september-11-2001, #state-department, #sudan, #terrorism, #trump-donald-j, #united-arab-emirates, #united-states-international-relations, #united-states-politics-and-government, #western-sahara, #yemen

U.S. Hopes a Small Step in Easing a Mideast Rivalry Could Further Rattle Iran’s Economy

The Trump administration wants Saudi Arabia to open its airspace to Qatari flights that are currently paying millions of dollars to route over Iran.

#bahrain, #egypt, #embargoes-and-sanctions, #iran, #kushner-jared, #qatar, #qatar-airways, #saudi-arabia, #state-department, #thani-tamim-bin-hamad-al, #trump-donald-j, #united-states-international-relations, #united-states-politics-and-government

Leadership of U.N. Human Rights Body Becomes Proxy Battle for World Powers

A fight over the council’s presidency is seen by some as an effort by China, Russia and Saudi Arabia to put a more compliant state in control ahead of greater involvement by the Biden administration.

#bahrain, #bainimarama-frank, #biden-joseph-r-jr, #fiji, #human-rights-and-human-rights-violations, #international-relations, #united-nations, #united-states-international-relations

Israel Strikes Syria and Iranian Forces as Pompeo Flies In

Israel launched the retaliatory airstrikes in Syria hours before a meeting in Jerusalem with the Bahraini foreign minister and Secretary of State Mike Pompeo.

#bahrain, #defense-and-military-forces, #golan-heights, #international-relations, #iran, #israel, #pompeo-mike, #quds-force, #syria, #united-states-international-relations

Khalifa Bin Salman al-Khalifa, Prime Minister of Bahrain, Dies at 84

During his tenure as the world’s longest-serving prime minister, he oversaw development in the Gulf kingdom, stood up for the monarchy and quashed dissent.

#bahrain, #deaths-obituaries, #khalifa-khalifa-bin-salman-al, #middle-east-and-north-africa-unrest-2010, #politics-and-government, #united-states-international-relations

Bright Lights of Dubai Beckon Israel’s Arabs but Pose a Quandary

Diplomatic ties with the U.A.E. and Bahrain could create new opportunities. But many say they are loath to undercut the Palestinian cause.

#arabs, #bahrain, #economic-conditions-and-trends, #israel, #middle-east, #palestinians, #united-arab-emirates

Trump Seeks to Turn Israeli-Arab Accords Into Campaign Gains

President Trump’s re-election campaign lost no time turning a White House ceremony into a television ad, as it targets Jewish and evangelical voters.

#bahrain, #evangelical-movement, #israel, #jews-and-judaism, #middle-east, #polls-and-public-opinion, #presidential-election-of-2020, #trump-donald-j, #united-arab-emirates, #united-states-international-relations, #united-states-politics-and-government, #voting-and-voters

Trump’s Middle Eastern Mirage

Will there be a Saudi October surprise?

#bahrain, #mohammed-bin-salman-1985, #palestinians, #saudi-arabia, #trump-donald-j, #united-arab-emirates, #united-states-international-relations

Trump’s Latest Middle East Diplomatic Deal: Triumph or Travesty?

The president said the treaty marked “the dawn of a new Middle East.” But will it be more peaceful than the old one?

#bahrain, #debatable, #israel, #israeli-settlements, #middle-east, #netanyahu-benjamin, #palestinians, #trump-donald-j, #united-arab-emirates

Trump’s Middle East Deal Is Good. But Not That Good.

The normalization of relations between Israel and two Arab states is a welcome development. There’s still a long way to go toward peace.

#bahrain, #international-relations, #israel, #netanyahu-benjamin, #palestinians, #trump-donald-j, #united-arab-emirates, #united-states-international-relations

The Love Triangle That Spawned Trump’s Mideast Peace Deal

Kushner went from playing divorce lawyer to marriage broker.

#bahrain, #international-relations, #iran, #israel, #kushner-jared, #netanyahu-benjamin, #palestinians, #trump-donald-j, #united-arab-emirates, #united-states

Trump Hosts Israel, U.A.E. and Bahrain at White House Signing Ceremony

Critics of the agreement between the three countries have called President Trump’s claims that they will produce wider peace in the Middle East to be overblown.

#bahrain, #international-relations, #israel, #kushner-jared, #middle-east, #netanyahu-benjamin, #palestinians, #presidential-election-of-2020, #trump-donald-j, #united-arab-emirates, #united-states-international-relations, #united-states-politics-and-government

A White House Ceremony Will Celebrate a Diplomatic Win and Campaign Gift

The leaders of Israel, Saudi Arabia and the United Arab Emirates have a stake in President Trump’s re-election and helped him become a peacemaker.

#bahrain, #israel, #kushner-jared, #netanyahu-benjamin, #palestinians, #presidential-election-of-2020, #trump-donald-j, #united-arab-emirates, #united-states-international-relations, #united-states-politics-and-government, #white-house-building-washington-dc

A Rare Middle East Triumph

And — yes — a triumph for Trump, too.

#abbas-mahmoud, #arab-league, #bahrain, #iran, #israel, #middle-east, #netanyahu-benjamin, #palestinians, #saudi-arabia, #trump-donald-j, #united-arab-emirates

In Arab States’ Embrace, Israelis See a Reshaped Mideast

Normalized ties with the United Arab Emirates and Bahrain raise hopes in Israel that it is finally gaining acceptance in its volatile neighborhood.

#bahrain, #defense-and-military-forces, #grand-mosque-bursa-turkey, #haaretz, #international-crisis-group, #international-relations, #israel, #jews-and-judaism, #mohammed-bin-salman-1985, #muslims-and-islam, #palestinians, #united-arab-emirates, #united-states-international-relations

Bahrain Recognized Israel. Here’s Why It Matters.

The announcement that Bahrain would establish full diplomatic relations with Israel leaves open the possibility that more Arab states will follow.

#abu-dhabi-united-arab-emirates, #bahrain, #israel, #khalifa-hamad-bin-isa-al, #mohammed-bin-salman-1985, #palestine-liberation-organization, #palestinians, #presidential-election-of-2020, #united-states-international-relations

Bahrain Says It’s Time to Embrace Israel. The Gulf Hears a Saudi Voice.

Bahrain’s closeness to Saudi rulers makes it unthinkable the change in diplomatic ties happened without approval. But Saudi Arabia itself may not be in a rush to normalize relations with Israel.

#bahrain, #international-relations, #israel, #mohammed-bin-salman-1985, #palestinians, #trump-donald-j, #united-states-international-relations, #united-states-politics-and-government

Laid Off and Locked Up: Virus Traps Domestic Workers in Arab States

The pandemic and economic crises have caused many workers to lose their jobs. Some have been detained, abused, deprived of wages and stranded far from home with nowhere to turn for help.

#abu-dhabi-united-arab-emirates, #africa, #bahrain, #beirut-lebanon, #coronavirus-2019-ncov, #dubai-united-arab-emirates, #ethiopia, #foreign-workers, #immigration-and-emigration, #kenya, #kuwait, #labor-and-jobs, #layoffs-and-job-reductions, #lebanon, #middle-east, #migrant-labor-non-agriculture, #saudi-arabia, #uganda, #united-arab-emirates, #wages-and-salaries, #women-and-girls, #workplace-hazards-and-violations

US intelligence bill takes aim at commercial spyware makers

A newly released draft intelligence bill, passed by the Senate Intelligence Committee last week, would require the government to detail the threats posed by commercial spyware and surveillance technology.

The annual intelligence authorization bill, published Thursday, would take aim at private sector spyware makers, like NSO Group and Hacking Team, who build spyware and hacking tools designed to surreptitiously break into a victim’s devices for conducting surveillance. Both NSO Group and Hacking Team say they only sell their hacking tools to governments, but critics say that its customers have included despotic and authoritarian regimes like Saudi Arabia and Bahrain.

If passed, the bill would instruct the Director of National Intelligence to submit a report to both House and Senate intelligence committees within six months on the “threats posed by the use by foreign governments and entities of commercially available cyber intrusion and other surveillance technology” against U.S. citizens, residents and federal employees.

The report would also have to note if any spyware or surveillance technology is built by U.S. companies and what export controls should apply to prevent that technology from getting into the hands of unfriendly foreign governments.

Sen. Ron Wyden (D-OR) was the only member of the Senate Intelligence Committee to vote against the bill, citing a broken, costly declassification system, but praised the inclusion of the commercial spyware provision.

Commercial spyware and surveillance technology became a mainstream talking point two years ago after the murder of Washington Post columnist Jamal Khashoggi, which U.S. intelligence concluded was personally ordered by Saudi crown prince Mohammed bin Salman, the country’s de facto leader. A lawsuit filed by a Saudi dissident and friend of Khashoggi accuses NSO Group of selling its mobile hacking tool, dubbed Pegasus, to the Saudi regime, which allegedly used the technology to spy on Khashoggi shortly before his murder. NSO denies the claims.

NSO is currently embroiled in a legal battle with Facebook for allegedly exploiting a now-fixed vulnerability in WhatsApp to deliver its spyware to the cell phones of 1,400 users, including government officials, journalists and human rights activists, using Amazon cloud servers based in the U.S. and Germany.

In a separate incident, human rights experts at the United Nations have called for an investigation into allegations that the Saudi government used its spyware to hack into the phone of Amazon chief executive Jeff Bezos. NSO has repeatedly denied the allegations.

John Scott-Railton, a senior researcher at the Citizen Lab, part of the Munk School at the University of Toronto, told TechCrunch that the bill’s draft provisions “couldn’t come at a more important time.”

“Reporting throughout the security industry, as well as actions taken by Apple, Google, Facebook and others have made it clear that [spyware] is a problem at scale and is dangerous to U.S. national security and these companies,” said Scott-Railton. “Commercial spyware, when used by governments, is the ‘next Huawei’ in terms of the security of Americans and needs to be treated as a serious security threat,” he said.

“They brought this on themselves by claiming fo years that everything was fine while evidence mounted in every sector of the U.S. and global society that there was a problem,” he said.

#amazon, #bahrain, #cell-phones, #director, #espionage, #frankfurt, #hacking-team, #huawei, #jamal-khashoggi, #mohammed-bin-salman, #nso-group, #ron-wyden, #saudi-arabia, #security, #senate, #senate-intelligence-committee, #spyware, #united-nations, #united-states, #washington-post

Ottolenghi’s Test Kitchen Is Closed. But the Recipes Keep Coming.

Away from their small North London hub, a six-member team still finds a way to share recipes, and feed loved ones.

#bahrain, #cooking-and-cookbooks, #coronavirus-2019-ncov, #kitchens, #london-england, #ottolenghi-yotam, #quarantines, #relocation-of-business