The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn’t know delivered malware directly onto her phone — and past Apple’s security systems.
Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients, went to work, according to a forensic examination of her device by Amnesty International’s Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO’s signature surveillance tool, during a time when she was in France.
Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.
And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”
The instance described above is the tip of the iceberg, one story among many, a small part of a massive story that broke over the weekend. A few reads to get a sense of this:
Here’s Amnesty International’s original report, filled with detail, the source of much of this information.
This post from The Guardian dives into details on the hack, with a map (about halfway down) that shows in what parts of the world these hacks were concentrated.
From that Guardian post:
NSO has always maintained it “does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets”.
In statements issued through its lawyers, NSO denied “false claims” made about the activities of its clients, but said it would “continue to investigate all credible claims of misuse and take appropriate action”. It said the list could not be a list of numbers “targeted by governments using Pegasus”, and described the 50,000 figure as “exaggerated”.
The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.
And, regarding iPhone specific attacks:
Guarnieri has identified evidence NSO has been exploiting vulnerabilities associated with iMessage, which comes installed on all iPhones, and has been able to penetrate even the most up-to-date iPhone running the latest version of iOS. His team’s forensic analysis discovered successful and attempted Pegasus infections of phones as recently as this month.
Looking forward to official Apple comment on this situation.