Report: Pegasus Spyware Sold to Governments Uses Zero Click IMessage Exploitation to Infect iPhones Running iOS 14.6
Occupying governments have targeted journalists, lawyers and human rights activists around the world using phone malware developed by the Israeli watchdog NSO Group, according to several media reports.
Investigations by 17 media organizations and Amnesty International’s security lab have revealed massive data leaks, suggesting that commercial hacking could affect spyware, Pegasus, which can infect iPhones and Android devices, and attack. Users can be enabled to extract messages, emails, and media, and record calls and turn on the microphone secretly.
The leak contains a list of more than 50,000 phone numbers believed to have been identified by NSO clients. The Paris-based non-profit media organization, and Amnesty International’s Forbidden Stories, Access to Stories, has gained access to the list with media partners as part of the PASAS Project Reporting Consortium. Forensic tests on some of the numbered phones indicated that more than half had traces of spyware.
The company behind the software, NSO, denies any wrongdoing and claims that its product is intended for use against criminals and terrorists, and that it is only for the military, the law. Only available to law enforcement and intelligence agencies.
In a statement issued to media organizations in response to the Pegasus Project, the NSO said that the actual investigations that led to the reports were “full of misconceptions and incoherent theories.”
NSO does not operate the systems it sells to government customers it tests, and it does not have access to its customer target data. NSO operates its technology, does not collect it, does not own it, and does not have access to any of its users’ data. Due to the agreement and national security concerns, the NSO cannot verify or deny the identities of our official users as well as those users whose systems we have shut down.
In the first version of the spyware, the monitoring activity depends on the phone user clicking on the malicious link sent in the text or email (so-called “spare phishing”). However, the recently discovered version does not require user interaction and can exploit the risks of bugs or bugs – “zero-click” – to succeed in the OS.
For example, Amnesty’s Security Lab and Citizen Lab have found that iPhones running iOS 14.6 can be hacked with a zero-click IMASTEGE exploit to install Pegasus. Apple has been contacted for comment and we will update this article if we hear anything.
This also indicates that Apple has a problem with the flashing red five alarm fire with iMessage security introduced in their Blast Door Framework (iOS 14) to make zero total exploitation more difficult. There is no solution. – Bill Marzac (@ Belmarzak) July 18, 2021
Meanwhile, the media organizations involved in the project intend to reveal the identities of those who will be added to the list in the coming days. They are said to include hundreds of business officials, religious figures, academics, NGO employees, union officials and government officials. The revelations, which began on Sunday, have already revealed that more than 180 journalists are already included in the figures.
WhatsApp filed a lawsuit against NSO in 2019 alleging that the company was behind cyber attacks on thousands of Pegasus mobile phones. The NSO has denied any wrongdoing, but the company has been banned from using the WhatsApp.
Note: Due to the political or social nature of the debate on this topic, the debate is located in our Political News Forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.