Zero-Click iMessage Pegasus Exploit Used to Target Nine Bahraini Activists

Nine Bahraini activists were reportedly targeted by their government using Pegasus spyware.

According to a new report from TechCrunch, a previously undisclosed “zero-click” exploit in Apple’s iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists.

Citizen Lab at the University of Toronto said NSO Group’s Pegasus malware successfully hacked the phones between June 2020 and February 2021. Those reportedly hacked included members of the Bahrain Center for Human Rights and two political dissidents living in exile. At least one of the activists lived in London when the hacking occurred, Citizen Lab said.

Citizen Lab called the new exploit chain “FORCEDENTRY.”

“The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society),” Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.

The development comes a little over a month after an extensive investigation undertaken by a consortium of 17 media organizations revealed the widespread use of NSO Group’s Pegasus “military-grade spyware” by authoritarian regimes to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world.

The company has since temporarily blocked several government clients globally from using its technology as the company probes its potential misuse, while also acknowledging that it “shut off five clients’ access in the past several years after conducting a human rights audit, and had ended ties with two in the last year alone,” according to the Washington Post.

In a boilerplate statement re-released Tuesday, Apple’s head of security engineering and architecture Ivan Krstic said: “Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place … Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Unfortunately, until Apple issues security updates to address the flaws targeted by NSO Group’s FORCEDENTRY exploit, the only thing potential targets could do to protect themselves is to disable all apps the Israeli surveillance firm could potentially target.