Pegasus spyware from Israel’s NSO Group is now reported to have affected iPhone users as well. Evidence was recently found that the military-grade malware is being used to spy on journalists, human rights activists, and political dissidents. New forensic analysis uncovers evidence that NSO Group’s spyware has infected newer iPhone models, specifically iPhone 11 and iPhone 12, through iMessage zero-click attacks. Amnesty International and Forbidden Stories claim that thousands of iPhone handsets have been potentially compromised by the NSO spyware.
The Pegasus Project is an ongoing investigation led by Paris-based journalism non-profit Forbidden Stories and other media partners that conducts forensic tests to find traces of the spyware on 50,000 phone numbers of potential surveillance targets. In the latest the investigation, it was revealed that iMessage zero-click attacks have been used to install spyware on iPhone handsets. Amnesty International says that it was able to confirm that thousands of iPhones were listed as potential targets for Pegasus spyware, though it was not possible to confirm how many were successfully hacked.
In the latest report, Deputy Director of Amnesty Tech Danna Ingleton says, “Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO’s spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised. These attacks have exposed activists, journalists and politicians all over the world to the risk of having their whereabouts monitored, and their personal information and used against them. This is a global concern – anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand.”
Head of Apple Security Engineering and Architecture, Ivan Krstić said in a statement that these attacks are highly sophisticated, costs millions, and are targeted to specific people only. Apple is working on bringing new protections to enable more security of iPhone units. “Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” Krstić said.
This military-grade spyware used for high-tech spying for NSO clientele is touted to be a case of human rights abuse. While NSO Group denies all allegations, critics call these claims dishonest and assert that the spyware is now used only to fight crime, but also conduct surveillance. There is no clarity on who authenticated this sort of vetting but given that even iPhone handsets with the latest of security were not spared, speaks volumes for the targeted surveillance.
Amnesty asserts that the NSO spyware is being systematically used for repression and other human rights violations, and just to fight crime. It particularly urges NSO Group to immediately stop selling its equipment to governments with a track record of abusing human rights and asks governments across the globe to implement a global moratorium on the export, sale, and use of surveillance equipment until a human rights-compliant regulatory framework is in place.