New evidence uncovered by Amnesty International and Forbidden Stories has revealed a massive wave of attacks by cyber surveillance company NSO Group’s customers on iPhones, potentially affecting thousands of Apple users worldwide.
Deputy Director of Amnesty Tech Danna Ingleton said:
“Apple prides itself on its security and privacy features, but NSO Group has ripped these apart. Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO’s spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised.
“These attacks have exposed activists, journalists and politicians all over the world to the risk of having their whereabouts monitored, and their personal information and used against them.
“This is a global concern – anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand.
“NSO Group can no longer hide behind the claim that its spyware is only used to fight crime. There is overwhelming evidence that NSO spyware is being systematically used for repression and other human rights violations. NSO Group must immediately stop selling its equipment to governments with a track record of abusing human rights.
“These findings show that the surveillance industry is out of control. States must immediately implement a global moratorium on the export, sale and use of surveillance equipment until a human rights-compliant regulatory framework is in place.”
NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale, according to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These include heads of state, activists and journalists, including Jamal Khashoggi’s family.
The Pegasus Project is a ground-breaking collaboration by more than 80 journalists from 17 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, who conducted cutting- edge forensic tests on mobile phones to identify traces of the spyware.
The investigation today revealed that Pegasus zero-click attacks have been used to install spyware on iPhones.
Amnesty International was able to confirm that thousands of iPhones were listed as potential targets for Pegasus spyware, though it was not possible to confirm how many were successfully hacked.
Thousands of Google Android phones were also selected for targeting, but unlike iPhones their operating systems do not keep accessible logs useful for detecting Pegasus spyware infection. Among the Apple products successfully infected were iPhone 11 and iPhone 12 models, equipped with the latest updates which were believed to have high levels of security.
Israeli surveillance company NSO Group is bankrolled by major private equity firms Novalpina Capital and Francisco Partners, with numerous investors behind them. Pension firms in the UK and US also have a stake in the rights abusing company.