"It’s like being robbed by a ghost."
In a chilling cautionary tale, a New York Times journalist says a hacker was able to access his iPhone after sending him a text message — even though he never clicked anything.
Ben Hubbard, a NYT reporter covering the Middle East, said that hackers used something called a "zero-click exploit" in order to get into his phone in 2020 and 2021, according to an article he wrote in the NYT. Experts say that just receiving an iMessage from a hacker using this exploit can be enough to leave users’ personal data exposed.
"It’s like being robbed by a ghost," Hubbard wrote.
After consulting with Citizen Lab, a spyware research institute, Hubbard was able to trace the source of the text back to spyware called Pegasus. The software was created by the NSO Group, an Israel-based software developer, and has been linked to mobile phone hacks before — though the company routinely denies the allegations.
The software appears to have been used by the Saudi Arabian government in attempts to hack Hubbard in the past, likely due to the fact that he frequently reports on the Middle Eastern country, and has even penned a novel about Crown Prince Mohammed bin Salman, the country’s de facto ruler who reportedly ordered the assassination of journalist Jamal Khashoggi for his critical reporting of the Saudi government. As such, he believes that Saudi Arabia is very likely behind the two zero-click exploits.
The hacks are incredibly troubling for a variety of reasons.
For one, it shows how sophisticated the tools hackers use have gotten in recent years. Now avoiding suspicious links isn't necessarily enough; your personal data is at risk if you simply receive a text message. While Apple has made attempts to update their phones’ security to guard against these new threats, it’s like playing whack-a-mole. You might hit one, but another is just going to pop up sooner or later.
Also, the idea of government bodies hacking into the phones of private citizens and journalists to spy on them is incredibly disconcerting in its own right. Luckily, that would never happen here in the US. Oh wait... oh no...
READ MORE: I Was Hacked. The Spyware Used Against Me Makes Us All Vulnerable. [The New York Times]
More on hackers: Teen Hacks School Computer System, Rickrolls Entire School District