A report by Toronto-based Citizen Lab found that the phones of 36 people including journalists, producers, anchors, and executives working at Al-Jazeera were hacked by Saudi and the UAE government operatives with the help of an Israeli based spyware.
The study traced the malware used for the hacking back to Israel-based NSO Group, the firm notorious for selling the widely criticized Pegasus spyware to governments.
The report attributes one of the four Pegasus operators behind the hack to Saudi Arabia and another one to the UAE.
The malware facilitated the journalists’ iPhones to transfer their content to servers connected to the NSO Group through pop-up messages.
Citizen Lab has been investigating the NSO spyware for four years now. As the NSO group boasts a customer base across the world, the report expressed concerns that this deems pre-iOS14 phones vulnerable to similar attacks on a large scale. The infrastructure used in these attacks included servers in Germany, France, UK, and Italy using cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean, said the report.
Citizen Lab said that they have notified Apple about these concerns. Apple is currently looking into the issue and has confirmed that the software is not a threat to regular citizens. They added that their new iOS update provides protection against such attacks.
Saudi and UAE have been previously accused of using the same spyware to snoop on their dissenters. The attacks on the Qatari state-owned Al Jazeera happened in July and are an indication of extensive use of digital surveillance as a tool in the country’s ongoing conflict with Saudi and the UAE.