Pegasus hacking tool used to spy on journalists and activists

Posted:
in General Discussion
Human rights activists and journalists have been the subject of hacking attempts using NSO Group's Pegasus spyware, an investigation claims, with approximately 37 smartphones successfully hacked using the surveillance tool.




NSO Group is known for producing hacking tools, which are used by governments and law enforcement agencies around the world. The company's best-known tool is "Pegasus," spyware that can jailbreak a device like an iPhone, install malware, and allow the exporting of user data.

In an investigation by a group of 17 media organizations, it seems Pegasus is being used to attack critics of governments, rather than just against criminals. A leak, reported by The Guardian, includes a list of more than 50,000 phone numbers thought to have been people of interest for clients of NSO Group since 2016.

However, more than 180 numbers associated with journalists were included in the list, including reporters and executives at major outlets, including the Financial Times, CNN, and the New York Times.

If infected, Pegasus enabled a user to extract practically any data they wanted from the device, as well as to enable cameras and microphones in secret, read encrypted messages, and record phone calls. It was also possible for GPS coordinates to be acquired, allowing for live tracking and logging of where the target had been.

While the list of numbers uncovered by journalism non-profit Hidden Stories and Amnesty International does not guarantee that the devices in question were attacked with the software, it seems a high proportion may have undergone some form of surveillance.

Amnesty's Security Lab discovered traces of Pegasus activity on 37 out of 67 smartphones it examined that were linked to the list. The smartphones were sourced from journalists, human rights activists, and lawyers who appeared on the list.

In some cases, it was found that the time and date the person was added to the list was very close to any recorded activity on the device, sometimes within seconds.

A group of 10 governments are believed to be NSO clients adding numbers into the system, with the list including Azerbaijan, Kazakhstan, Rwanda, and the UAE, among others. Mexico is thought to have contributed the most numbers to the list at over 15,000 lines, with its use by multiple agencies the most likely reason for the high count.

The leaked data also suggests Pegasus was used by Saudi Arabia and the UAE to target smartphones of people close to murdered journalist Jamal Khashoggi for months after his death. A Turkish prosecutor investigating the death was also apparently considered a target for surveillance.

In a statement to The Verge, NSO denied the report's claims, insisting it was "full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources." The company firmly denies the report's claims and is apparently considering a defamation lawsuit as "these allegations are so outrageous and far from reality."

In October 2019, Facebook sued NSO Group over allegations the hacking tool producer used a vulnerability in WhatsApp to send malware to around 1,400 journalists. In April 2020, NSO Group claimed Facebook had previously approached the company in 2017 to potentially buy access to the software, specifically to gather data on Apple devices.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

Read on AppleInsider

Comments

  • Reply 1 of 12
    I would like to know which versions of iOS / iPhones were affected. Critical: Pegasus could apparently be installed via zero-days, via iMessage-data, via imsi-catchers - and all also without any user interaction. 

    Once on a phone it could even suppress installation of bug-fixes via OS-Updates (not sure if iOS or Android was suppressed), as I read. 

    These are critical news. I think Apple is still quite secure, but when they found relics of Pegasus on 37 of 44 iPhones from suspected persons on these lists that’s diminishing my confidence in Apple. And a strong argument against any back doors once again. 
    watto_cobrabyronl
  • Reply 2 of 12
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 
  • Reply 3 of 12
    citpekscitpeks Posts: 151member
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 

    175 words to say "I haven't read the article, or have no critical thinking skills."
    0815tmayCloudTalkinelijahghcrefugeeOferfochermagman1979caladanianfastasleep
  • Reply 4 of 12
    citpeks said:
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 

    175 words to say "I haven't read the article, or have no critical thinking skills."

    Wow, you’re right (a quick scan of the previous reveals that is something you’re undoubtedly unaccustomed to), I only scanned the Ai article. I’d already read the story at the guardian. While AI was comparatively succinct — though still informative — it was an abbreviation of the original. The guardian has significantly more information, maps, excellent links to the Pegasus Project. But that article isn’t for you, it doesn’t have basic three word explanation pop ups, coloring book print outs, or TikTok twerking videos. 
  • Reply 5 of 12
    tmaytmay Posts: 5,427member
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 
    You seem to have a different take about NSO Pegasus than myself and others.

    My take is that a number of Governments, many authoritarian, are violating the terms of NSO's contracts, and these violations are with respect to spying on world leaders, activists, and journalists.

    https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

    "NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project, a collaborative investigation that involves more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories with technical support of Amnesty International’s Security Lab.[1]

    Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware."


    There's a better explained link of posts by John Scott-Railton, University of Toronto, CitizenLab


    edited July 19 Ofermagman1979watto_cobra
  • Reply 6 of 12
    GeorgeBMacGeorgeBMac Posts: 10,264member
    Israel is out of control.  This kind of thing is pretty normal for that country.

    One can only wonder what & how much they have on U.S. politicians who seem to support Israel more than they do their own country.

    What do they say?
    "But don't worry!  Our spyware is only used by good guys to spy on bad guys!"

    But funny how it is them who get to define who's a good guy and who's a bad guy.
    Ofermagman1979
  • Reply 7 of 12
    gatorguygatorguy Posts: 23,171member
    PED's comment after a tweet from a security researcher yesterday:

    "@AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.

    It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain’t solving.

    Phone logs show that (at least some of) the iOS 13.x and 14.x zero-click exploits deployed by NSO Group involved ImageIO, specifically the parsing JPEG and GIF images. ImageIO has had more than a dozen high-severity bugs reported against it in 2021.

    BlastDoor is a great step, to be sure, but it’s pretty lame to just slap sandboxing on iMessage and hope for the best. How about: “don’t automatically run extremely complex and buggy parsing on data that strangers push to your phone?!”

    My take: I pay Apple a premium so I don’t have to worry about this kind of crap. You’ve been warned, Cupertino. Clock’s a-ticking.


    edited July 19 elijahgtmaymuthuk_vanalingamhcrefugeeOfercaladanianbyronl
  • Reply 8 of 12
    lkrupplkrupp Posts: 9,456member
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    watto_cobra
  • Reply 9 of 12
    gatorguygatorguy Posts: 23,171member
    lkrupp said:
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    Nothing is "impervious".  If you're really all that important and insist on using electronic devices you may be hacked, comes with the territory. If "they" want you bad enough they'll getcha. For the rest of us, the "common man" such as you and me, neither platform is a security risk IMO.

    TBH I doubt anyone here is important enough to bother worrying about it, though that won't stop a few souls from displaying their hand-wringing exercises anyway.
    edited July 19
  • Reply 10 of 12
    auxioauxio Posts: 2,331member
    gatorguy said:
    lkrupp said:
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    Nothing is "impervious".  If you're really all that important and insist on using electronic devices you may be hacked, comes with the territory. If "they" want you bad enough they'll getcha. For the rest of us, the "common man" such as you and me, neither platform is a security risk IMO.

    TBH I doubt anyone here is important enough to bother worrying about it, though that won't stop a few souls from displaying their hand-wringing exercises anyway.
    I don't worry about anyone trying to surveil me.  My bigger concern is having my devices become part of a sleeper botnet used for DDoS attacks, mass social media misinformation campaigns, and similar.
    Oferwatto_cobra
  • Reply 11 of 12
    seneca72seneca72 Posts: 40member
    lkrupp said:
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    It's not stopped the Guardian having a go at Apple with nary a mention of Android, whilst quoting a variety of security researchers, Patrick Wardle being to the fore.  

    The sub-head indicates the line it takes: "The iPhone maker says it is keeping pace with malware, but the Pegasus project paints a worrying picture".

    https://www.theguardian.com/news/2021/jul/19/how-does-apple-technology-hold-up-against-nso-spyware
    watto_cobra
  • Reply 12 of 12
    I hope the NSO carries through with their threat to bring a lawsuit. It will be interesting to see what details get surfaced as part of the discovery process.
    watto_cobra
Sign In or Register to comment.