NSO, the Israeli technology company has been working with governments around the world by selling them robust surveillance systems. The tool, named Pegasus, unlocks the contents of a victim’s cellphone and allows hackers to view or do anything on the device. While the tool seems dangerous, the NSO says it licenses the tool exclusively to government agencies to combat terrorism and other serious crimes.
While the public generally believed NSO was harmless as they focus on ‘bad actors’, recent reports confirm that there has been a leak at NSO showing they aren’t just spying on criminals. Some publications revealed they’ve been sent the leaked data and will be publishing many of those names later this week. The list of those surveilled includes lawyers, human rights defenders, religious figures, academics, business people, diplomats, senior government officials, and heads of state.
Once the malware makes its way into your device, generally without your knowledge, it turns into a 24-hour surveillance device. This type of malware is called ‘Spyware‘. This Spyware can (on both iOS and Android) copy messages you send or receive, harvest photos, and record your calls. Pegasus can covertly record you through your camera, or activate the microphone to record your conversations. The tool can potentially even pinpoint where you are, where you’ve been, and who you’ve met.
The malware gets into your device through smishing attacks, but recent reports show their capabilities have become more advanced. Pegasus exploits can now be accomplished through ‘zero-click’ attacks, which don’t require any user input to work. These often exploit ‘zero-day’ vulnerabilities, which are bugs in an operating system that the manufacturer is unaware of and has not yet fixed.
Back in 2019, WhatsApp reported that NSO software was used to send malware to 14,000+ devices, exploiting a zero-day vulnerability. NSO was able to have the malware infect a device by simply calling a user through WhatsApp, even if the victim did not pick up. Recently, NSO began exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones. Apple says it is continually patching its systems to prevent privacy attacks like these.