The Pegasus software from Israeli firm NSO
Group has been under intense scrutiny since an international media
investigation claimed it was used to spy on the phones of human rights
activists, journalists, and even heads of state.
Researchers at Citizen Lab, a cybersecurity
watchdog organisation in Canada, found the problem while analysing a Saudi
activist's phone that had been compromised with the code.
"We determined that the mercenary spyware
company NSO Group used the vulnerability to remotely exploit and infect the
latest Apple devices with the Pegasus spyware," Citizen Lab wrote in a
post.
In March, Citizen Lab examined the activist's
phone and determined it was hacked with Pegasus spyware introduced via iMessage
texting, and that the attack did not require the phone's user to so much as click.
Hours after releasing the fix, Apple said it
had "rapidly" developed the update following Citizen Lab's discovery
of the problem.
"Attacks like the ones described are
highly sophisticated, cost millions of dollars to develop, often have a short
shelf life, and are used to target specific individuals," the company
said.
NSO did not dispute that Pegasus had prompted the
urgent software upgrade, and said in a statement that it would "continue
to provide intelligence and law enforcement agencies around the world with
life-saving technologies to fight terror and crime."
No click needed
Pegasus has evolved to become more effective
since it was uncovered by Citizen Lab and cyber security firm Lookout five
years ago.
Pegasus can be deployed as a "zero-click
exploit," meaning that the spyware can install itself without the victim
even clicking a booby-trapped link or file, according to Lookout senior manager
Hank Schless.
"Many apps will automatically create a
preview or cache of links in order to improve the user experience,"
Schless said.
"Pegasus takes advantage of this
functionality to silently infect the device."
UN experts recently called for an
international moratorium on the sale of surveillance technology until
regulations are implemented to protect human rights following an Israeli
spyware scandal.
An international media investigation reported
in July that several governments used the Pegasus malware, created by NSO
Group, to spy on activists, journalists, and politicians.
Pegasus can switch on a phone's camera or
microphone and harvest its data.
"It is highly dangerous and irresponsible
to allow the surveillance technology and trade sector to operate as a human
rights-free zone," the United Nations human rights experts said in a
statement at the time.
The statement was signed by three special rapporteurs
on rights and a working group on the issue of human rights and transnational
corporations and other businesses.
Israel's defense establishment has set up a
committee to review NSO's business, including the process through which export
licences are granted.
NSO insists its software is intended for use
only in fighting terrorism and other crimes, and says it exports to 45
countries.