🚨MAJOR REPORT: zero-click #0day in #iMessage used to infect 36 ppl @Aljazeera w/ NSO spyware. We attribute to UAE & Saudi Arabia w/medium confidence. THREAD https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
(2) BEGAN when investigation lead @billmarczak spotted unusual traffic from @Aljazeera reporter @TamerMisshal’s phone: (1) odd connections to Apple servers, (2) connections to NSO’s infection servers, and (3) data flowing from his device to an NSO command and control server...
(3) VECTOR & MITIGATION: We found evidence that these hacks were via a zero-click (no user interaction & invisible) 0day in iMessage. Fortunately, features in iOS 14 appear to break the exploit chain.

To protect yourself: update to iOS 14 IMMEDIATELY.
(4) MORE VICTIMS: @Aljazeera IT worked w/ @citizenlab to expand the investigation w/network & device analysis. At least 36 ppl. confirmed infected. We also got a window into Pegasus implant capabilities.
(5) ATTRIBUTION Multiple NSO customers were simultaneously hacking inside @aljazeera. We @citizenlab attribute the largest clusters of infections to the UAE & Saudi Arabia w/ medium confidence.
(6) ALSO HACKED: Rania Dridi, presenter at @AlarabyTV was hacked at least six times between October 2019-July 2020.
(7) ANALYSIS: even v. competent IT would have a hard time spotting an NSO zero-click 0day. NSO could have prevented this human rights abuse by terminating UAE & Saudi as customers. They had years of evidence both were serial abusers of their product.
(8) ANALYSIS: @Microsoft president @Bradsmi is right. NSO is “societally harmful” and must be addressed like other such activity, like “human trafficking, narcotics, or terrorism”. https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
(9) ANALYSIS: The existence of a zero-click 0day on iMessage meant many, many more people likely victimized before iOS 14 roll out. Findings shared w/ @apple which is investigating. Again, please update right now.
(11) As spy companies move towards zero-click / 0days it becomes harder to investigate abuses & to hold them accountable.

We were very lucky that @AlJazeera's IT team was on the ball (& that my colleague @billmarczak who ran the investigation is a genius. Follow him!)
You can follow @jsrailton.