iPhones Vulnerable to Zero-Click Exploit

Posting ID 129054
Date Added: 12/20/2020 8:39 PM EST
Date Modified: 12/20/2020 8:40 PM EST
Watch Floor



Researchers at the University of Toronto’s Citizen Lab have discovered a hacking tool dubbed “Kismet” which can bypass the security on an iPhone by sending a message via iMessage which the victim doesn’t need to click on. While the first confirmed uses of this malware were this summer, Citizen Lab claims that logs from compromised phones show the same or similar zero-click, zero-day exploit in use as far back as October 2019.


The research shows that Kismet is in use by Israeli company NSO Group, and has been sold to unnamed clients who used it to spy on journalists working for Al Jazeera, although detections indicate that at least 25 countries may be using the software. According to Citizen Lab, NSO Group also provided its clients another piece of software called Pegasus, which was uploaded to the compromised phones. Once installed, it had the ability to track location, access passwords and stored credentials, record audio from the microphone including encrypted phone calls, and take pictures via the phone’s camera.


Citizen Lab noted that the vulnerability appears to have been fixed with Apple IOS 14, but reiterated that previous versions remain vulnerable. In a statement, an Apple spokeperson said “the attack described in the research was highly targeted by nation states against specific individuals. We always urge customers to download the latest version of the software to protect themselves and their data.”


NSO Group said its products are for tackling “serious organized crime and counter-terrorism” and any evidence of a serious breach of its policies would be investigated, adding “we do not have access to any information with respect to the identities of individuals our system is used to conduct surveillance on.”


This is not the first instance of NSO Group supplying exploits to iPhone, a previous malware known as Karma which employs the same zero-touch ability was acquired by UAE Intelligence in 2016 via cybersecurity firm DarkMatter. NSO Group is also involved in litigation with Facebook over having supplied a similar software that exploited WhatsApp.



The E-ISAC will continue to monitor this situation and provide relevant updates when necessary.  If you have any questions or comments, please reach out to us at operations@eisac.com or at 202-790-6000.  Members and partners are encouraged to share information via the E-ISAC Watch at operations[@]eisac.com [mailto:operations[@]eisac.com], posting appropriate information on the E-ISAC Portal, or calling 202-790-6000 (24/7).



Alex Hern. The Guardian. iPhones vulnerable to hacking tool for months, researchers say December 20, 2020

Zack Whittaker. TechCrunch. Dozens of journalists’ iPhones hacked with NSO ‘zero-click’ spyware, says Citizen Lab December 20, 2020


Joel Schectman, Christopher Bing. Reuters. UAE used cyber-superweapon to spy on iPhones of foes January 30, 2019


Devin Coldeway. TechCrunch. WhatsApp exploit let attackers install government-grade spyware on phones May 13, 2019


Citizen Lab. The Great iPwn: Journalists hacked with suspected NSO Group iMessage ‘Zero-Click’ Exploit December 20, 2020

Category Type:
Cyber Security
TLP - White
Shared Count (15)
  • Canadian CERTs
  • CRISP - Cyber Risk Info Sharing Program
  • DOE Complex
  • E-ISAC AOO Members
  • E-ISAC Staff
  • FBI, LE Fusion
  • FERC - OEIS, etc
  • International (other ISACs, CERTs)
  • Other (inc. local/state commissions)
  • Trade Organizations
  • Watch Floor
Change History
  • Admin, 01/13/2021