Pegasus hacking tool used to spy on journalists and activists

Human rights activists and journalists have been the subject of hacking attempts using NSO Group's Pegasus spyware, an investigation claims, with approximately 37 smartphones successfully hacked using the surveillance tool.




NSO Group is known for producing hacking tools, which are used by governments and law enforcement agencies around the world. The company's best-known tool is "Pegasus," spyware that can jailbreak a device like an iPhone, install malware, and allow the exporting of user data.

In an investigation by a group of 17 media organizations, it seems Pegasus is being used to attack critics of governments, rather than just against criminals. A leak, reported by The Guardian, includes a list of more than 50,000 phone numbers thought to have been people of interest for clients of NSO Group since 2016.

However, more than 180 numbers associated with journalists were on the list, among them reporters and executives at major outlets including the Financial Times, CNN, and the New York Times.

Once a device was infected, Pegasus enabled its user to extract practically any data they wanted from it, as well as to enable cameras and microphones in secret, read encrypted messages, and record phone calls. GPS coordinates could also be acquired, allowing for live tracking and logging of where the target had been.

While the list of numbers uncovered by journalism non-profit Hidden Stories and Amnesty International does not guarantee that the devices in question were attacked with the software, it seems a high proportion may have undergone some form of surveillance.

Amnesty's Security Lab discovered traces of Pegasus activity on 37 out of 67 smartphones it examined that were linked to the list. The smartphones were sourced from journalists, human rights activists, and lawyers who appeared on the list.

In some cases, it was found that the time and date the person was added to the list was very close to any recorded activity on the device, sometimes within seconds.

A group of 10 governments are believed to be NSO clients adding numbers into the system, with the list including Azerbaijan, Kazakhstan, Rwanda, and the UAE, among others. Mexico is thought to have contributed the most numbers to the list at over 15,000 lines, with its use by multiple agencies the most likely reason for the high count.

The leaked data also suggests Pegasus was used by Saudi Arabia and the UAE to target smartphones of people close to murdered journalist Jamal Khashoggi for months after his death. A Turkish prosecutor investigating the death was also apparently considered a target for surveillance.

In a statement to The Verge, NSO firmly denied the report's claims, insisting it was "full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources." The company is apparently considering a defamation lawsuit as "these allegations are so outrageous and far from reality."

In October 2019, Facebook sued NSO Group over allegations the hacking tool producer used a vulnerability in WhatsApp to send malware to around 1,400 journalists. In April 2020, NSO Group claimed Facebook had previously approached the company in 2017 to potentially buy access to the software, specifically to gather data on Apple devices.



Comments

  • Reply 1 of 12
    I would like to know which versions of iOS / iPhones were affected. Critical: Pegasus could apparently be installed via zero-days, via iMessage data, via IMSI catchers - and all also without any user interaction.

    Once on a phone it could even suppress installation of bug-fixes via OS-Updates (not sure if iOS or Android was suppressed), as I read. 

    This is critical news. I think Apple is still quite secure, but when they found relics of Pegasus on 37 of 44 iPhones from suspected persons on these lists, that’s diminishing my confidence in Apple. And a strong argument against any back doors once again.
  • Reply 2 of 12
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 
  • Reply 3 of 12
    citpeks Posts: 246 member
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 

    175 words to say "I haven't read the article, or have no critical thinking skills."
  • Reply 4 of 12
    citpeks said:
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 

    175 words to say "I haven't read the article, or have no critical thinking skills."

    Wow, you’re right (a quick scan of the previous reveals that is something you’re undoubtedly unaccustomed to), I only scanned the AI article. I’d already read the story at The Guardian. While AI was comparatively succinct — though still informative — it was an abbreviation of the original. The Guardian has significantly more information, maps, excellent links to the Pegasus Project. But that article isn’t for you, it doesn’t have basic three word explanation pop ups, coloring book print outs, or TikTok twerking videos.
  • Reply 5 of 12
    tmay Posts: 6,340 member
    Standard journalism nonsense here. Regarding the surveillance mentioned, most is normal operation procedure on Android. Google (and Facebook) collect and monetize most of the data mentioned. Why would "Pegasus" even be needed? Other than trolls and anti apple hysterical, it is plain fact that location data, contacts list, messaging metadata among others is factually monetized. A third party app of any variety can also record this data without even breaking ToS or being malware based. 
    Stupid Apple for not taking this chance to hit that point over and over hard! Instead going with a wimpy "experts say we are safer". That's like a bad TV commercial statement.

    The article is short on details except mentioning "through apps" and mentioning the vulnerability found in iMessage. Apple patched that vulnerability. So what other Apps were involved? I'll wager it isn't iOS but again if it is an app doing data tracking outside of the app usage, Apple should know this and pull it. Not naming Apps? That probably means there is a big name behind an app. 
    You seem to have a different take about NSO Pegasus than myself and others.

    My take is that a number of Governments, many authoritarian, are violating the terms of NSO's contracts, and these violations are with respect to spying on world leaders, activists, and journalists.

    https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

    "NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project, a collaborative investigation that involves more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories with technical support of Amnesty International’s Security Lab.[1]

    Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware."


    There's a better explained link of posts by John Scott-Railton, University of Toronto, CitizenLab


  • Reply 6 of 12
    GeorgeBMac Posts: 11,421 member
    Israel is out of control.  This kind of thing is pretty normal for that country.

    One can only wonder what & how much they have on U.S. politicians who seem to support Israel more than they do their own country.

    What do they say?
    "But don't worry!  Our spyware is only used by good guys to spy on bad guys!"

    But funny how it is them who get to define who's a good guy and who's a bad guy.
  • Reply 7 of 12
    gatorguy Posts: 24,213 member
    PED's comment after a tweet from a security researcher yesterday:

    "@AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.

    It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain’t solving.

    Phone logs show that (at least some of) the iOS 13.x and 14.x zero-click exploits deployed by NSO Group involved ImageIO, specifically the parsing JPEG and GIF images. ImageIO has had more than a dozen high-severity bugs reported against it in 2021.

    BlastDoor is a great step, to be sure, but it’s pretty lame to just slap sandboxing on iMessage and hope for the best. How about: “don’t automatically run extremely complex and buggy parsing on data that strangers push to your phone?!”

    My take: I pay Apple a premium so I don’t have to worry about this kind of crap. You’ve been warned, Cupertino. Clock’s a-ticking.


  • Reply 8 of 12
    lkrupp Posts: 10,557 member
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
  • Reply 9 of 12
    gatorguy Posts: 24,213 member
    lkrupp said:
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    Nothing is "impervious".  If you're really all that important and insist on using electronic devices you may be hacked, comes with the territory. If "they" want you bad enough they'll getcha. For the rest of us, the "common man" such as you and me, neither platform is a security risk IMO.

    TBH I doubt anyone here is important enough to bother worrying about it, though that won't stop a few souls from displaying their hand-wringing exercises anyway.
  • Reply 10 of 12
    auxio Posts: 2,727 member
    gatorguy said:
    lkrupp said:
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    Nothing is "impervious".  If you're really all that important and insist on using electronic devices you may be hacked, comes with the territory. If "they" want you bad enough they'll getcha. For the rest of us, the "common man" such as you and me, neither platform is a security risk IMO.

    TBH I doubt anyone here is important enough to bother worrying about it, though that won't stop a few souls from displaying their hand-wringing exercises anyway.
    I don't worry about anyone trying to surveil me.  My bigger concern is having my devices become part of a sleeper botnet used for DDoS attacks, mass social media misinformation campaigns, and similar.
  • Reply 11 of 12
    seneca72 Posts: 42 member
    lkrupp said:
    So should we all switch to Android then because it’s impervious to these attacks? I mean, we never hear about journalists and politicians who use Android getting surveilled or compromised by zero-day drive by hacks. What’s goin on here?
    It's not stopped the Guardian having a go at Apple with nary a mention of Android, whilst quoting a variety of security researchers, Patrick Wardle being to the fore.  

    The sub-head indicates the line it takes: "The iPhone maker says it is keeping pace with malware, but the Pegasus project paints a worrying picture".

    https://www.theguardian.com/news/2021/jul/19/how-does-apple-technology-hold-up-against-nso-spyware
  • Reply 12 of 12
    I hope the NSO carries through with their threat to bring a lawsuit. It will be interesting to see what details get surfaced as part of the discovery process.