Pegasus Project: thousands of iPhones potentially compromised by NSO spyware
‘Zero-click’ attacks have been used to install the almost-invisible spyware on iPhones
iPhone 11 and iPhone 12 models infected
‘These findings show that the surveillance industry is out of control’ - Danna Ingleton
New evidence uncovered by Amnesty International and Forbidden Stories has revealed a massive wave of attacks by cyber surveillance company NSO Group’s customers on iPhones, potentially affecting thousands of Apple users worldwide.
Danna Ingleton, Deputy Director of Amnesty Tech, said:
“Apple prides itself on its security and privacy features, but NSO Group has ripped these apart.
“Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO’s spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised.
“These attacks have exposed activists, journalists and politicians all over the world to the risk of having their whereabouts monitored, and their personal information used against them.
“This is a global concern - anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand.
“NSO Group can no longer hide behind the claim that its spyware is only used to fight crime. There is overwhelming evidence that NSO spyware is being systematically used for repression and other human rights violations. NSO Group must immediately stop selling its equipment to governments with a track record of abusing human rights.
“These findings show that the surveillance industry is out of control. States must immediately implement a global moratorium on the export, sale and use of surveillance equipment until a human rights-compliant regulatory framework is in place.”
Massive scale of surveillance
NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale, according to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These include heads of state, activists and journalists, including Jamal Khashoggi’s family.
The Pegasus Project is a ground-breaking collaboration by more than 80 journalists from 17 media organisations in ten countries coordinated by Forbidden Stories, a Paris-based media non-profit organisation, with the technical support of Amnesty, who conducted forensic tests on mobile phones to identify traces of the spyware.
The investigation revealed that Pegasus zero-click attacks have been used to install spyware on iPhones. Amnesty was able to confirm that thousands of iPhones were listed as potential targets for Pegasus spyware, though it was not possible to confirm how many were successfully hacked.
Thousands of Google Android phones were also selected for targeting, but unlike iPhones their operating systems do not keep accessible logs useful for detecting Pegasus spyware infection. Among the Apple products successfully infected were iPhone 11 and iPhone 12 models, equipped with the latest updates which were believed to have high levels of security.
Israeli surveillance giant NSO Group is bankrolled by major private equity firm Novalpina Capital with numerous investors behind them. It was previously financed by Francisco Partners. Pension firms in the UK and US also have a stake in the company.