Bahrain Government Used NSO Group’s Zero-Click iPhone Exploit to Target Activists

Phone with NSO Group Logo on a Macbook Keyboard

A new report shows that the government of Bahrain used the NSO group’s spyware to snoop on nine activists. The government used Pegasus and two zero-click exploits to carry out the attacks.

The NSO Group has faced significant backlash in recent months for its spyware Pegasus. Dozens of organizations have used the spyware to snoop on world leaders, activists, and journalists. This report adds to the growing instances of governments misusing spyware.

Human Rights Activists Targeted

Citizen Lab’s researchers said that, between June 2020 and February 2021, the Bahrain government hacked the iPhones of nine activists.

The Bahrain government has a notorious reputation for crushing dissent and deploying draconian measures to regulate online public discussions. Additionally, it is known to “blackmail government opponents, torture activists, and commit other human rights violations.”

The targets of the reported hack include three members of Waad, a secular political society, and three members of the Bahrain Centre for Human Rights. The other activists were two exiled Bahraini dissidents and one member of Al Wefaq, a Shiite political society.

The report notes that two of the activists reside in London, where at least one of them was hacked. According to Citizen Lab’s previous research, the Bahrain Government only used Pegasus in Bahrain and Qatar, never in Europe. Therefore, the researchers believe that a different Pegasus Operator hacked the activist in London.

New Zero-Click iPhone Exploit Used

The report states that Pegasus Operator LULU was behind at least four of the hacks. The researchers attribute LULU to the Bahrain Government with great confidence, while adding that it is a well-known spyware abuser.

Apart from Pegasus, Citizen Lab said that the government used the 2020 KISMET exploit and the 2021 FORCEDENTRY exploit. They found that the exploits successfully compromised the latest iPhone iOS (iOS 14.4 and iOS 14.6) at the time.

Researchers first observed the NSO Group deploy a new zero-click iMessage Exploit in February 2021. The exploit circumvented Apple’s new software security feature, called BlastDoor. Consequently, the researchers referred to the exploit as FORCEDENTRY because of its ability to circumvent BlastDoor.

Citizen Lab researchers have informed Apple of the attempts to target and compromise up-to-date iPhones. Since then, Apple has said that it has strengthened its defenses in iOS 15.

Response by NSO Group and Bahrain Government

NSO Group has not released an official statement in response to the report. A spokesperson said that NSO has not seen Citizen Lab’s reports, and that it would investigate reliable information about misuse of systems. Recently, NSO claimed it cut off five government customers’ access to Pegasus due to human rights abuse.

A spokesperson for the Bahraini government stated that the claims in the report were “based on unfounded allegations and misguided conclusions.”

They added that the Bahraini government is “committed to the safeguarding of individuals’ rights and freedoms.”

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.