A number of journalists’ iPhones have been compromised following an iMessage vulnerability.
A Citizen Lab report from the Toronto University reveals that the operation began in July and August this year and was conducted by government agents. The target were news-gathering organizations’ executives, anchors, producers, and journalists.
The agents used a vulnerability titled ‘Kismet’, which is a Pegasus spyware that works within the iMessage app. The zero-click exploit was discovered in iOS 13.5.1 and other versions.
The attacks were believed to come from ‘Monarchy’ in Saudi Arabia and ‘Sneaky Kestrel’ in UAE. The Pegasus operators were rumored to be employed by the two countries’ crown princes.
Once the exploit kicks in the device will begin to send huge amounts of data without the owner’s knowledge. The transfer includes stored passwords, account credentials, images taken by the device’s camera, phone calls and audio recorded by the device’s microphone.
iPhones that are on iOS 14 or later are safe from the iMessage exploit.