Subscribe

Spyware researchers have captured what they say is a new exploit from NSO Group's Pegasus surveillance tool targeting iPhones and other Apple devices through iMessage, in yet another sign that chat apps have become a popular way to hack into the devices of political dissidents and human rights activists.

Apple is issuing a patch on Monday to close the exploit discovered by researchers at Citizen Lab who, they said, found the hack in the iPhone records of a Saudi political activist and alerted the company to the problem.

This is the first time since 2019 that the malicious code used in a Pegasus hack has been discovered by researchers and offers new insights into the techniques of the company, highlighted in July by The Pegasus Project, a multipart global investigation by The Washington Post and 16 other news organizations.

The researchers declined to name the Saudi activist who was targeted, at the person's request. They also did not reveal what NSO governmental client they believe deployed Pegasus against this person. They did say that the hacking technique used, which they called FORCEDENTRY, has been active since February and can invade Apple iPhones, MacBooks and Apple Watches secretly in what's called a "zero-click attack" - something of a specialty for NSO, which is based in Israel.

"We wouldn't have discovered this exploit if NSO's tool wasn't used against somebody they shouldn't be targeting," said John Scott-Railton, a researcher for Citizen Lab, based at the University of Toronto's Munk School of Global Affairs and Public Policy.

He added, "Chat programs are quickly becoming a soft underbelly of device security."

Apple did not immediately respond to a request for comment.

NSO Group says it licenses its Pegasus spyware tool to government agencies and police forces around the world to investigate major crimes. But the Pegasus Project investigation and earlier reports by Citizen Lab found that the tool had also been used to target political dissidents, business leaders, journalists and human rights activists.

As part of the Pegasus Project, forensic analyses revealed that 67 phones had shown signs of a successful Pegasus infection or intrusion attempt. Amnesty International's Security Lab, a technical partner of the investigation, said last week that it has confirmed infections or traces of Pegasus spyware in 15 additional phones since the stories were first published in July, including a phone belonging to British human-rights activist David Haigh.

Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International, a human rights group, helped coordinate the investigation and run forensic analyses on smartphones.

Monday's findings by Citizen Lab could renew pressure on NSO Group and Israel, which approves Pegasus export licenses. Israel's foreign minister, Yair Lapid, said earlier this month the government would review NSO's work to ensure "nobody is misusing anything that we sell."

A top adviser to President Joe Biden discussed the spyware during a July meeting with a senior official with Israel's Ministry of Defense, and members of Congress have called on the White House to push forward on regulations, sanctions and other investigations designed to address the spyware's misuse.

(Pixabay)

Sign Up for Daily Headlines

Sign up to receive a daily email of today's top military news stories from Stars and Stripes and top news outlets from around the world.

Sign Up Now