NSO Group, maker of Pegasus spyware for iPhone and Android
NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.
In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.
NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted. A report by Amnesty International that said that Pegasus was being used to mount zero-click attacks against human rights activists and other innocent targets.
An explosive report from Amnesty International interpreted device logs to reveal the scope of targeted malware attacks in active use targeting Android and iPhone devices, since July 2014 and as recently as July 2021. Exploited devices can secretly transmit messages and photos stored on the phone, as well as record phone calls and secretly record from the microphone. The attack is sold by Israeli firm NSO Group as ‘Pegasus’.
Whilst the company claims to only sell the spyware software for legit counterterrorism purposes, the report indicates it has actually been used to target human rights activists, lawyers and journalists around the world (as many have long suspected).
In July 2021, Apple issued an iOS security fix that appears to match the exploit reportedly used by NSO, though security researchers say that Apple needs to do more.
NSO initially made contradictory statements, first saying that it had no way to monitor how its software was used, and subsequently denying that it was used against the targets described in Amnesty’s report. It then said it would issue no further statements, and would not be answering any questions from the media.
The US government banned the import and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement agencies. Apple added to the pressure, suing the company, and alerting owners of infected iPhones. That put the company under extreme financial pressure, which may see it disappear – or may just make things worse.
For those most at risk – such as diplomats, politicians, government opponents, and activists – Apple has made available iPhone Lockdown Mode, which disables the most common attack paths.