India’s parliament also erupted in protests as opposition lawmakers accused Prime Minister Narendra Modi’s government of using NSO Groups’ product to spy on political opponents and others.įrance is also trying to get to the bottom of allegations that President Emmanuel Macron and members of his government may have been targeted in 2019 by an unidentified Moroccan security service using Pegasus.
The recent revelations also prompted calls for an investigation into whether Hungary’s right-wing government used Pegasus to secretly monitor critical journalists, lawyers and business figures.
The CIA attributed the murder to the Saudi government. One case involved the fiancee of Washington Post journalist Jamal Khashoggi just four days after he was killed in the Saudi Consulate in Istanbul in 2018. Amnesty International said it confirmed 37 successful Pegasus infections based on a leaked targeting list whose origin was not disclosed. In July, a global media consortium published a damning report on how clients of NSO Group have been spying for years on journalists, human rights activists, political dissidents, and people close to them, with the hacker-for-hire group directly involved in the targeting. federal court for allegedly targeting some 1,400 users of the encrypted messaging service with spyware. In October 2019, Facebook sued NSO in U.S. “If Pegasus was only being used against criminals and terrorists, we never would have found this stuff,” said Marczak.įacebook’s WhatsApp was also allegedly targeted by an NSO zero-click exploit. The researchers said it also undermines NSO Group's claims that it only sells its spyware to law enforcement officials for use against criminals and terrorists and audits its customers to ensure it's not abused. “And it’s why it’s so important that companies focus on making sure that they are as locked down as possible.” “Chat apps are increasingly becoming a major way that nation-states and mercenary hackers are gaining access to phones,” he said. Researcher John Scott-Railton said the news highlights the importance of securing popular messaging apps against such attacks.
It urged people to immediately install security updates.
Those who want to jump the gun can go into the phone settings, click “General” then “Software Update,” and trigger the patch update directly.Ĭitizen Lab called the iMessage exploit FORCEDENTRY and said it was effective against Apple iOS, MacOS and WatchOS devices. Users should get alerts on their iPhones prompting them to update the phone's iOS software. Apple didn’t respond to questions regarding whether this was the first time it had patched a zero-click vulnerability. In a subsequent statement, Apple security chief Ivan Krstić commended Citizen Lab and said such exploits “are not a threat to the overwhelming majority of our users.” He noted, as he has in the past, that such exploits typically cost millions of dollars to develop and often have a short shelf life. It said it was aware that the issue may have been exploited and cited Citizen Lab.
In a blog post, Apple said it was issuing a security update for iPhones and iPads because a “maliciously crafted” PDF file could lead to them being hacked.
He said the malicious file causes devices to crash.Ĭitizen Lab says the case reveals, once again, that NSO Group is allowing its spyware to be used against ordinary civilians. It was discovered during a second examination of the phone, which forensics showed had been infected in March. Malicious image files were transmitted to the activist’s phone via the iMessage instant-messaging app before it was hacked with NSO’s Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said. The targeted activist asked to remain anonymous, they said.įacebook Misses ‘Blatant' Election Misinfo in Brazil Ads, Report Finds It was the first time a so-called “zero-click” exploit - one that doesn't require users to click on suspect links or open infected files - has been caught and analyzed, the researchers said. NSO Group responded with a one-sentence statement saying it will continue providing tools for fighting “terror and crime.” The previously unknown vulnerability affected all major Apple devices - iPhones, Macs and Apple Watches, the researchers said.
They said they had high confidence that the world’s most infamous hacker-for-hire firm, Israel’s NSO Group, was behind that attack. Researchers at the University of Toronto's Citizen Lab said the security issue was exploited to plant spyware on a Saudi activist's iPhone.
Apple released a critical software patch to fix a security vulnerability that researchers said could allow hackers to directly infect iPhones and other Apple devices without any user action.