NSO’s Pegasus Strikes Again!

By Arun Shekhar Jawla

This time, nine Bahraini activists have been targeted with NSO's spyware. The preliminary investigation indicates that the spyware used multiple vulnerabilities in iMessage. A Bahrain government operator [codenamed LULU] compromised iPhones using Pegasus via a zero-click iMessage exploit known as KISMET between July and September 2020, as noted by Citizen Lab researchers. Once a message is received, the exploit enables the spyware to compromise the operating system and monitor the device's internet traffic. According to the Citizen Lab, this exploit has compromised iOS versions.

However, Apple has updated iOS and added the BlastDoor security feature to defend the OS against future zero-click iMessage attacks. Now, NSO's Pegasus spyware is using a single-click attack, which is activated only when the victim follows a link in an iMessage.

In February 2021, Pegasus returned to zero-click attacks using a new exploit called FORCEDENTRY. This exploit is similar to Megalodon, which was used in the attack on Amnesty International. This zero-click attack can compromise anyone's phone without any user interaction. Amnesty International confirmed that Megalodon compromised iPhones running iOS 14.6 in June 2021. Presently, the latest version of iOS available in the market is 14.7.

Bahrain has been classified as “Not Free” by Freedom House [a non-profit that promotes democracy worldwide], which gave it a freedom score of 29%. Such a low score was the result of heavy restrictions on internet use and strong censorship in the country. The country is also known for its online surveillance practices, including the use of spyware and the arrest of internet users for discussing forbidden topics online.

Citizen Lab first documented Bahrain's use of Pegasus in 2018, by a government operator that it called PEARL. The post predicted that this might be the same state surveillance team. It also cited several other companies used by the Bahrain government for its online surveillance, including Verint, FinFisher, Netsweeper, and Cellebrite. NSO faces huge challenges due to its history with oppressive countries that use its spyware, including Bahrain. A series of actions has been taken against the sale of its spyware: Amazon Web Services shut down NSO infrastructure running on its servers in July, and UN human rights experts reintroduced calls for an international moratorium.