Saudis accused of using Israeli cyber firm to spy on dozens of journalists

Credit: Tamas Tomcsenko

Saudi Arabia and the United Arab Emirates have been accused of using spyware developed by Israeli cyber firm NSO Group to hack into the phones of dozens of journalists.

A report by researchers from watchdog Citizen Lab claimed that one London-based reporter and 36 of those working at Al Jazeera’s TV network in Qatar were targeted using the NSO spyware, which compromised their phones in invisible attacks. 

The group, which is based at the University of Toronto, said the attacks appeared to involve a "zero-click" approach, which exploited a vulnerability in Apple’s iMessage, and meant users would have been unaware their phones had been hacked.

It accused Saudi Arabia and the United Arab Emirates of ordering the attacks, which are said to have used NSO’s Pegasus software, and involved secret recordings of phone calls, tracking journalists’ locations and taking photos using their cameras. Al Jazeera did not respond to requests for comment. 

A spokesman for NSO rejected the claims, and said the report was based "on speculation and lacks any evidence supporting a connection to NSO". 

He said its products enabled "governmental law enforcement agencies to tackle serious organised crime and counterterrorism only, and as stated in the past we do not operate them".

"However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations."

A spokesman Apple said the company "works tirelessly to strengthen the security of our users’ data and devices", and that its system update had been "a major leap forward in security and delivered new protections against these kinds of attacks".

"The attack described in the research was highly targeted by nation-states against specific individuals. We always urge customers to download the latest version of the software to protect themselves and their data." Apple was not able to independently verify CitizenLab’s analysis.

It is not the first time NSO has faced scrutiny, and its software was allegedly used to hack Washington Post journalist Jamal Khashoggi’s mobile before he was murdered.

Meanwhile, WhatsApp sued NSO last year over claims it had helped government spies hack around 1,400 users by exploiting a security hole in the messaging service.

Over the summer, the judge in the case ruled the lawsuit was allowed to proceed, saying it appeared the group had “retained some role” in how individuals were targeted.

NSO has denied its technology was used to hack Mr Khashoggi’s mobile, and has said it will fight the WhatsApp lawsuits.