Jordanian journalist and human rights advocate Suhair Jaradat’s iPhone was hacked on December 5, 2021 by the spyware Pegasus weeks after Apple sued manufacturer NSO Group, according to an analysis by Front Line Defenders and Citizen Lab shared with TechCrunch.
She says she received the message via WhatsApp with a link from someone posing as a popular anti-government critic. According to forensic analysis, the journalist’s phone was hacked several times in previous months. THE Apple sued the Israeli manufacturer in November 2021to prohibit NSO from using branded products and services to develop and deploy hacks against customers.
The case is moving slowly in the legal sphere and should not have a position before June. If granted the injunction, this would make it more difficult for the NSO to deploy the spyware, as the stealthier capabilities rely on Apple’s own services such as iMessage.
The Pegasus malware gives government customers full access to the targeted device. Photos, messages, precise location and audio recording are some of the personal information that spy software provides to operators. Although many Pegasus victims have been infected by clicking on a malicious link (one-click attack), there are reports that iPhones can be hacked without user interaction (zero-click attack).
Jaradat is not the only Jordanian victim of Pegasus. Phones of other human rights defenders, lawyers and fellow journalists were likely targeted by Jordanian government agencies, according to findings by Front Line Defenders and Citizen Lab on Tuesday.
BlastDoor: Apple Tries to Tighten iPhone Security, But NSO Breaks It With Exploit
After a series of iPhone hacks, Apple beefed up cell phone security by introducing BlastDoor last year. The security feature filters payloads sent by iMessage that could compromise the device. However, NSO has created a new exploit (ForcedEntry) capable of bypassing BlastDoor’s protections. In September, Apple patched the flaw after learning that the Israeli company’s exploit not only affected iPhones, but included iPads, Macs and Apple Watches.
According to the researchers, the February 2021 phone hack of Ahmed AI-Neimat, a human rights defender and anti-corruption activist, is believed to be the first suspect using the ForcedEntry exploit.
Debts and processes
In addition to the lawsuit filed by Apple, NSO faces another legal battle with Meta, the parent company of Facebook, Instagram and WhatsApp. The company is accused of using a messenger vulnerability to hack 1,400 civilian phones.