It’s today been reported that Pegasus spyware hacked iPhones belonging to senior European Union officials, including that of the European Justice Commissioner.

NSO denies that its spyware was used, though the company’s past contradictory statements don’t lend the denial too much credibility …

Background

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – could allow an iPhone to be compromised, with most personal data exposed.

Apple patches vulnerabilities as they come to light, while NSO purchases details of new ones. The Cupertino company now also proactively looks for signs that iPhones have been compromised by Pegasus, and sends an alert to victims.

Pegasus spyware hacked iPhones of senior EU officials

Reuters reports that it was alerts from Apple that led to the EU attacks being identified.

Senior officials at the European Commission were targeted last year with spy software designed by an Israeli surveillance firm, according to two EU officials and documentation reviewed by Reuters.

Among them was Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019, according to one of the documents. At least four other commission staffers were also targeted […]

The commission became aware of the targeting following messages issued by Apple to thousands of iPhone owners in November telling them they were “targeted by state-sponsored attackers,” the two EU officials said. 

As non-tech employees would not necessarily understand the severity of this warning, a senior tech staffer emailed details of the Pegasus threat, and asked everyone to look out for this message from Apple.

It is unclear at present which country used Pegasus to carry out these attacks.

The NSO group claimed the attacks “could not have happened with NSO’s tools.” While we wouldn’t give much credence to this, Reuters does report that an almost identical piece of spyware is also sold by fellow Israeli company QuaDream.

The US has already banned the import and use of Pegasus, and it’s being suggested that this incident may lead the European Union to do the same.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear