Saudi Arabia and the United Arab Emirates (UAE) have hacked the phones of dozens of journalists using spy software developed by Israeli firm NSO Group, according to a report released by Canadian Citizen Lab.
Citizen Lab, an interdisciplinary laboratory that is part of Toronto University, said Sunday the Pegasus spyware was used to hack 36 personal phones belonging to journalists, producers, anchors and executives at Al Jazeera, as well as one personal phone of a journalist at London-based Al Araby TV. The hackings were done in July and August with an iMessage zero-click exploit called Kismet.
The study noted that all of the hacked phones were iPhones and the malicious code only made those phones vulnerable which were under Apple's iOS 14 system.
"We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system," it added.
Four Pegasus operators, including Saudi Arabia's Monarchy and UAE's Sneaky Kestrel, have been used during the hackings.
The infrastructure used in these attacks included servers in Germany, France, the U.K. and Italy, using cloud providers Aruba, Choopa, CloudSigma and DigitalOcean, according to the report.
The lab said it has informed Apple about the findings and the company has confirmed that it is working on the matter.
In January, The Guardian reported that the Amazon billionaire Jeff Bezos had his mobile phone hacked in 2018 after receiving a WhatsApp message that had been sent from the personal account of Saudi Arabia's crown prince, Mohammed bin Salman.
Large amounts of data were extracted from Bezos' phone during the hack, the news website reported.