“Clickless” exploits from Israeli firm hacked activists’ fully updated iPhones
Smartphones belonging to more than three dozen journalists, human rights activists, and business executives have been infected with powerful spyware that an Israeli firm sells, purportedly to catch terrorists and criminals, The Washington Post and other publications reported.
The handsets were infected with Pegasus, full-featured spyware developed by NSO Group. The Israel-based exploit seller has come under intense scrutiny in recent years after repressive governments in the United Arab Emirates, Mexico, and other countries have been found using the malware against journalists, activists, and other groups not affiliated with terrorism or crime.
Pegasus is frequently installed through “zero-click” exploits, such as those sent by text messages, which require no interaction from victims. After the exploits surreptitiously jailbreak or root a target's iPhone or Android device, Pegasus immediately trawls through a wealth of the device's resources. It copies call histories, text messages, calendar entries, and contacts. It is capable of activating the cameras and microphones of compromised phones to eavesdrop on nearby activities. It can also track a target's movements and steal messages from end-to-end encrypted chat apps.
According to research jointly done by 17 news organizations, Pegasus infected 37 phones belonging to people who don’t meet the criteria NSO says is required for its powerful spyware to be used. Victims included journalists, human rights activists, business executives, and two women close to murdered Saudi journalist Jamal Khashoggi, according to The Washington Post. Technical analysis from Amnesty International and the University of Toronto’s Citizen Lab confirmed the infections.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25417952/transformers_megatron.jpg){kind=spacer}
