- The NSO Group is an Israel-based group set up by former Israeli intelligence officials, marketing surveillance software to government agencies.
- The first version of Pegasus, which was revealed in 2016, infiltrated phones via a technique known as spear-phishing – where a text or email was sent to a target that tricked them into clicking on a malicious link.
- Zero-click attacks aim to exploit zero-day vulnerabilities in installed software or operating systems, that is, flaws that developers or manufacturers are not yet aware of.
Dubbed by many as the most sophisticated mobile surveillance tool available, Pegasus, developed by Israeli company NSO Group, has once again become the center of attention following the leak of a list of some 50,000 phone numbers of suspected targets to Paris-based journalism nonprofit Forbidden Stories and Amnesty International.
The list was shared with an international media consortium, including the Washington Post and the Guardian, among others. Security researchers have reportedly determined that attempts were made to install spyware on at least 37 phones of journalists, businessmen and activists.
What is the NSO Group?
The NSO Group is an Israel-based group set up by former Israeli intelligence officials, marketing surveillance software to government agencies. Apparently founded in 2010, the company first rose to prominence when an Arab activist suspected his phone might have been compromised after receiving a suspicious message.
Since then, the NSO Group has been involved in various lawsuits and reports, including the hack of former Amazon CEO Jeff Bezos in 2019 and the mobile device of now-deceased journalist Jamal Khashoggi.
In 2019, the company drew a lawsuit from Facebook which alleged that the Pegasus tool had been used to spy on several activists and journalists in India. At the time, Facebook-owned WhatsApp notified affected users via a message.
How Pegasus Works
If Pegasus succeeds in infiltrating a target’s phone, it can effectively turn it into a 24-hour surveillance device. It accesses sent or received messages and photos and can record phone conversations.
It is also able to take over the phone’s camera and microphone. In some cases, it may even have access to GPS information, allowing the operator to follow the movements of a target.
The first version of Pegasus, which appeared in 2016, infiltrated phones via a technique known as spear-phishing – where a text message or email was sent to a target that tricked them into clicking a malicious link that granted the spyware permission to be installed on the target’s mobile device.
But the NSO Group’s capabilities have grown since then, and the latest version of Pegasus can, it seems, infiltrate a target’s phone without them needing to take any action.
These zero-click attacks aim to exploit zero-day vulnerabilities in installed software or operating systems, that is, flaws that developers or manufacturers are not yet aware of. In the 2019 hack, the spyware exploited a “zero-day” bug in the WhatsApp app, which would see users receive a WhatsApp call and have the malicious code installed on their phone even if they didn’t answer. Likewise, Apple’s iMessage software has also fallen victim to Pegasus.
Claudio Guarnieri, director of Amnesty International’s Berlin-based Security Lab, also noted how spyware has become so sophisticated that it may be able to evade even forensic analysis. “Things are getting a lot more complicated for targets to notice,” he said, referring to the NSO Group’s shift from using SMS phishing attacks to install Pegasus to zero-click attacks.
If spear-phishing or zero-click exploits are not possible, Pegasus can also be installed using a wireless transceiver – also known as an IMSI catcher – placed near the target, which mimics legitimate cell towers and intercepts and manipulates mobile traffic on specific frequency bands.