Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

The new research raises concerns about iOS security.
An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group, on August 28, 2016, in Herzliya, near Tel Aviv. - (Photo by JACK GUEZ/AFP via Getty Images)

Government hackers used NSO Group surveillance technology to infiltrate the phones of nine Bahraini activists, according to a new report from Citizen Lab.

The victims included a blogger, activist, members of political organization Waad and members of the Bahrain Center for Human Rights. Five of the targets identified by Citizen Lab, an internet watchdog from from the University of Toronto, were listed on a list of individuals obtained by Amnesty International as a part of its “Pegasus Project” investigation. The list is believed to comprise potential targets of NSO Group’s customers.

Hackers used fake texts that linked out to malicious software as well as “zero-click” attacks, which do not require any user interaction.

Researchers found that attackers successfully exploited the most recent versions of Apple iOS, circumventing protections introduced by the company in January to protect users against such attacks. Amnesty Tech has also reported zero-click exploits successfully exploiting iOS 14.6 as recently as July.


Given the nature of the targets and that one of the Pegaus operators operators exclusively in Bahrain, researchers believe that the Bahraini government is behind the operations detailed in the report. The Bahraini government has a long history of monitoring and retaliating against activists, with surveillance efforts dating back more than a decade.

Apple plans to release additional security measures for iMessage in its upcoming iOS 15 release, an Apple spokesperson told TechCrunch. The Bahraini government has denied Citizen Lab’s findings.

At least two of the victims discovered by CitizenLab were located in the United Kingdom at the time their phones were infiltrated, indicating that a second foreign government or actor with a history of successfully hacking inside the region may have been involved, researchers say.

NSO Group through a spokesperson accused Citizen Lab of failing to share research with the company that would allow it to mitigate human rights violations.

“Until they choose to cooperate and allow us to get to the bottom of this, it will be very difficult for us to conduct any real investigation,” the spokesperson wrote.


NSO Group said earlier this year it has removed several customers for human rights abuses but has not provided any additional details.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts