Pegasus spyware used to post private photos of female journalists
(Stock image, not one of the stolen photos)

NSO’s Pegasus spyware has reportedly been used by governments to obtain private photos from the phones of female journalists and activists.

These photos were then posted online with the aim of attacking their reputation, in at least one case by falsely suggesting that a bikini photo was taken at the home of a journalist’s boss …


The extent to which NSO’s Pegasus spyware has been used by repressive governments came to light in a report by Amnesty International. Simply receiving a particular iMessage could be enough to infect an iPhone, with no user interaction required.

Apple defended the security of iPhones, but raised eyebrows when it appeared unconcerned about taking the steps needed to make such exploits harder to achieve.

Apple did release a security fix in iOS 14.7.1, which is widely believed to be designed to block the particular attack vector used by NSO in the past, but the company is sure to be working on a replacement method.

NSO issued contradictory statements but has now blocked a number of governments from using the spyware.

Pegasus spyware used to steal compromising photos

NBC News reports.

Ghada Oueiss, a Lebanese broadcast journalist at Al-Jazeera, was eating dinner at home with her husband last June when she received a message from a colleague telling her to check Twitter. Oueiss opened up the account and was horrified: A private photo taken when she was wearing a bikini in a jacuzzi was being circulated by a network of accounts, accompanied by false claims that the photos were taken at her boss’s house.

Over the next few days she was barraged with thousands of tweets and direct messages attacking her credibility as a journalist, describing her as a prostitute or telling her she was ugly and old. Many of the messages came from accounts that appeared to support Saudi Crown Prince Mohammed bin Salman Al Saud, known as MBS, including some verified accounts belonging to government officials.

“I immediately knew that my phone had been hacked,” said Oueiss, who believes she was targeted in an effort to silence her critical reporting on the Saudi regime. “Those photos were not published anywhere. They were only on my phone.”

“I am used to being harassed online. But this was different,” she added. “It was as if someone had entered my home, my bedroom, my bathroom. I felt so unsafe and traumatized.”

Oueiss is one of several high-profile female journalists and activists who have allegedly been targeted and harassed by authoritarian regimes in the Middle East through hack-and-leak attacks using the Pegasus spyware, created by Israeli surveillance technology company NSO Group.

The piece points out that, even without false allegations, publication of what would be seen as innocent photos in the west can be damaging in Middle Eastern countries.

While these photos may seem tame by Western standards, they are considered scandalous in conservative societies like Saudi Arabia and were seemingly used to publicly shame these women and smear their reputations.

Photo: Ralph (Ravi) Kayden/Unsplash

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear