More recently NSO has begun exploiting vulnerabilities in Apple's iMessage software, giving it backdoor access to hundreds of millions of iPhones.Īpple says it is continually updating its software to prevent such attacks, though human rights group Amnesty says it has uncovered successful attacks on even the most up-to-date iOS systems - carried out this month.
Users were infected when a call was placed via WhatsApp to their phones, whether they answered the call or not. Pegasus can also be used to take control of the phone's camera or microphone to record video and audio, and can access GPS data to check where the phone's owner has been.Īnd it can also be used to record any new incoming or outgoing phone calls.Įarly versions of the virus infected phones using crude 'phishing' attacks in which users are conned into downloading the virus on to their own phones by clicking on a malicious link sent via text or email.īut researchers say the software has become much more sophisticated, exploiting vulnerabilities in common phone apps to launch so-called 'zero-click' attacks which can infect devices without the user doing anything.įor example, in 2019 WhatsApp revealed that 1,400 people had been infected by NSO Group software using a so-called 'zero day' fault - a previously unknown error - in the call function of the app. This includes accessing contact lists, emails, and text messages, along with stored photos, videos and audio files. While most spyware is limited in scope - harvesting data only from specific parts of an infected system - Pegasus appears much more powerful, allowing its controller near-unlimited access to and control over an infected device. This particular form of malware is known as 'spyware', meaning it is designed to gather data from an infected device without the owner's knowledge and forward it on to a third party. Pegasus is a powerful piece of 'malware' - malicious computer software - developed by Israeli security firm NSO Group. The leak appeared to confirm Saudi involvement in the murder.Īnother key figure on the list was Roula Khalaf, who became the Financial Times' first female editor last year, and according to The Guardian was selected as a potential target throughout 2018.Īnalysis of the data suggests Khalaf's phone was selected as a possible target by the United Arab Emirates (UAE) while she was deputy editor at the Financial Times. Her phone - as well as that of a second female associate - was allegedly targeted before his death. One of those targeted was Hanan Elatr, the wife of Saudi-born Washington Post journalist Jamal Khashoggi, who was murdered by a Saudi hit squad in 2018.
The use of the software, called Pegasus and developed by Israel's NSO group, was exposed in a data leak containing 50,000 phone numbers that belong to people targeted by NSO's clients since 2016.Īmong those clients are some of the world's most-repressive government regimes, including Hungary, Saudi Arabia, and Morocco. Activists, journalists and politicians around the world have been spied on using cellphone malware developed by a private Israeli firm, it emerged Sunday, igniting fears of widespread privacy and rights abuses.