NSO Group’s Pegasus spyware breached the iPhone’s storied defenses

An investigation from French journalism nonprofit Forbidden Stories and Amnesty International uncovered a list of 50,000 phone numbers from 50 countries that have been targeted and possibly breached by Israeli firm NSO Group’s Pegasus spyware.

The problem: NSO Group’s spyware enables the remote monitoring of smartphones. The Israeli government classifies Pegasus as a weapon and requires military permission to license it to other governments. The Amnesty report claims NSO’s customers used Pegasus to target human rights advocates, journalists, and public officials around the world.

The hacks, which targeted iPhones and Android phones alike, are initiated with “zero-click” attacks, which don’t require the victim to click a link or access their phone like in a traditional phishing attack.

• The spyware unlocks root access to a device, meaning the user can see the target’s emails, call logs, social media, passwords, pictures, video, sound recordings, and browsing history—including apps with end-to-end encryption, like WhatsApp and Signal, per WaPo.
• Of the 34 iPhones examined by Amnesty’s Security Lab, 23 were found to have been successfully breached by Pegasus.

Looking ahead: Apple has worked hard to establish a reputation for delivering complete and absolute privacy to the users of its products, and news like this jeopardizes that perception.—JM