The personal smartphones of dozens of employees at the Qatari news broadcaster Al Jazeera have been hacked by suspected state-funded attackers with ties to Saudi Arabia and the United Arab Emirates. The spyware used comes from the Israeli provider NSO Group, according to the security researchers at the Canadian Citzen Lab, who have now made their findings public. According to this, an exploit for Apple’s iMessage was used in the attacks in the summer, which compromised the devices without the target person having to click. The then current iOS version 13. 5.1 was therefore vulnerable, including the iPhone 11.

States dissatisfied with reporting How Citizen Lab now executes, the investigative journalist Tamer Almisshal first suspected that his phone could be hacked. After contacting the Canadians, he installed software designed to help detect such an attack. It then hit in mid-July and documented attempts to contact NSO servers. Subsequent analyzes of the journalist Rania Dridi’s iPhone Xs Max then made several attacks visible. In cooperation with the IT team from Al Jazeera, 36 people were finally identified at the station who had been hacked in four different attacks.

The researchers assign one of the attackers to Saudi Arabia with “medium security” and one to the Emirates. They only locate two more in the Middle East. In addition, the experts establish a connection between the attacks and the geopolitical situation in the area from which Al Jazeera originates, even if Dridi reports from London: After the important role that Al Jazeera played in the so-called “Arab Spring”, some had Those in power in the region criticized Al Jazeera and Qatar, which finances the station, a lot. The station has long been a thorn in the side of Qatar’s neighbors.

iOS loophole probably closed The NSO Group has already distanced itself from the attacks towards the British Guardian. You have no information about the individuals against whom your own customers are proceeding. But if you get credible information about abuse, take “all necessary steps to investigate the allegations”. According to Citizen Lab, the gaps in iOS that were exploited for the attacks were open for a long time, but should no longer work under iOS 14. The infrastructure that was used for the attacks was therefore located in Germany, among other places. Detailed information on the attacks is available from the Citizen Lab. The researchers also warn that the hacks are becoming increasingly sophisticated and difficult to detect. In addition, journalists are more and more often the target.

(mho)