- 19 Jul 21
Despite Apple's proclamations in relation to the security of their phones, spyware was able to bypass these measures. The news is likely to heap further pressure on the Israel-based producers of spyware, the NSO Group...
The Israeli NSO Group's spyware software has been used to successfully hack Apple iPhones, it emerged today, despite the tech company's claims regarding the effectiveness of the security features on Apple products.
New evidence uncovered by Amnesty International and Forbidden Stories, shows that the various customers of NSO conducted a massive wave of attacks on iPhones and iPhone users worldwide.
"Apple prides itself on its security and privacy features, but NSO Group has ripped these apart," said Deputy Director of Amnesty Tech, Danna Ingleton.
"These attacks have exposed activists, journalists and politicians all over the world to the risk of having their whereabouts monitored and their personal information and used against them.
"Our forensic analysis has uncovered irrefutable evidence that NSO’s spyware has successfully infected iPhone 11 and iPhone 12 models through iMessage zero-click attacks. Thousands of iPhones have potentially been compromised."
This startling news comes after headlines earlier today about The Pegasus Project (which is supported by Amnesty) discovering that authoritarian governments hacked activists' phones, using the spyware the NSO Group sold to them.
Itr is not clear how many of hte 50,000 individuals targeted were using iPhones.
"I haven't seen any confirmation," said Dr Katherine O'Keefe, who is the Chief Ethicist, Lead Data Governance & Data Protection Consultant at Castlebridge, "but it's likely that some Irish people may well have been caught up in this.
"This is another example of how any spyware tools or backdoor accesses that may be given to governments and law enforcement agencies can, and will, be used against innocents and others that someone decides may be a threat to their power.
"We are only one election away from an oppressive state in any country. This is one of the reasons that the EU's ePrivacy Directives focus strongly on the confidentiality of communications, and that privacy and data protection are fundamental rights in the EU."
50,000 phone numbers that had been targeted for potential hacking were leaked, sparking the investigation, featuring the phone numbers of heads of state, activists and journalists, including the now-deceased journalist Jamal Khashoggi and his family.
Amnesty International’s Security Lab found that Khashoggi's phone was targeted by Pegasus software before and after his assassination in 2018 by Saudi Arabian operatives.
Khashoggi's wife and son were then also earmarked by other users of the software, following his death.
The NSO Group responded to these revelations insisting that their "technology was not associated in any way with the heinous murder of Jamal Khashoggi."
They also stated that they have "previously investigated this claim, immediately after the heinous murder, which again, is being made without validation."
Activists and human rights defenders are unlikely to be fobbed off by NSO's denials – which are no more than par for the course. The reality is that if you sell malicious spyware to authoritarian governments or agencies, it will be used to target opponents of the regime. The suggestion that NSO are blissfully unaware of this inevitability stretches credulity way beyond its limits.
Colm O’Gorman, Executive Director of Amnesty International Ireland, was blunt in his assessment. "The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril," he told Hot Press.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.
“Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a Wild West of rampant abusive targeting of activists and journalists.
"Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”