In late December 2020, Patently Apple posted a report titled “Israeli Spyware, possibly used by the Saudi Arabian Government, was able to target iPhones of Al-Jazeera journalists. The spyware reportedly being used was Pegasus from NGO. It’s believed the software was used against journalist Jamal who was brutally murdered by a team of Saudi security forces.
Flash forwarding to today and we’re learning more about Pegasus spyware breaching Apple’s iOS security once again. A new report by Amnesty International published on Sunday claims that journalists of over 16 media outlets along with human right activists, lawyers and Politian’s worldwide have been snooped on by “authoritarian governments” using hacking supplied by the Israeli NSO Group.
The Pegasus Project is a ground-breaking collaboration by more than 80 journalists from 17 media organizations in ten countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, which conducted cutting-edge forensic tests on mobile phones to identify traces of the spyware.
The report went on to state that “Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists. Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”
From the leaked data and their investigations, Forbidden Stories and its media partners identified potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates.
Amnesty Internationals full report mentions Apple’s iPhone 26 times. In the first mention, the report noted that “Most recently, a successful ‘zero-click’ attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021.
In response, NGO Group replied by stating that the Amnesty International report was based on “wrong assumptions” and “uncorroborated theories” and reiterated that the company was on a “life-saving mission.”
Supporting this, NGO’s website Claims: “NSO creates technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe.
Terrorists, drug traffickers, pedophiles, and other criminals have access to advanced technology and are harder to monitor, track, and capture than ever before.
The world’s most dangerous offenders communicate using technology designed to shield their communications, while government intelligence and law-enforcement agencies struggle to collect evidence and intelligence on their activities.
Due to these ongoing global concerns, the member nations of the Five Eyes (FVEY) intelligence alliance warn that, ‘The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention.”
Depending on what side of the argument you stand on, NGO makes a powerful counter argument for needing sophisticated software to stay ahead of criminals and terrorists. Benefits that Amnesty International refuses to acknowledge.
With that said, Amnesty’s report mentioning the iPhone 26 times has forced Apple to officially respond to the report. In a statement issued today, Ivan Krstić, head of Apple security engineering and architecture, stated that breaches from the likes of Pegasus weren’t a threat to average iPhone users.
Krstić added that “Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation, and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market.”