More on the Pegasus Project

Since I last wrote about the NSO Group’s Pegasus mobile spyware last summer, there have been several new developments that show just how insidious the software is and how pervasive its use around the world.

Pegasus can be placed directly onto a target’s smartphone without any user interaction and can then start tracking a phone’s location and operations. Last year a consortium of journalists revealed who was using the spyware after doing extensive forensic research on dozens of phones. This resulted in the US Commerce Department putting NSO on a block list, the DoJ beginning investigations and Apple suing the company. Then we saw two developments from last December: first, Apple notified a bunch of US State Department employees in Uganda that their phones have been hacked. And Pegasus was found to be used to track Jamal Khashoggi and residue was found on one of his wives’ phones.

There were other reports that the FBI had tried out Pegasus but didn’t actively use it, or at least not that anyone could prove. And that a security researcher had decompiled several code samples and documentation.

Just recently, the Citizen Lab — one of the research groups involved in last summer’s project — found more cases of Pegasus used on dozens of Catalan phones, probably at the direction of various government entities in Spain. One of the researchers found a previously-unknown iOS zero-click exploit. The more we find out about Pegasus, the more I am convinced this tool spells trouble.

Again, I want to emphasize that your chances of getting infected with Pegasus are very, very low. But it does seem to crop up frequently enough, and now in places that you would think would be curious as they are free, democratic countries. NSO representatives continue to maintain that they carefully vet their potential customers and say its software is intended to investigate terrorists and potential criminals. But given that its residue has been found on phones of political figures, journalists and human rights workers, I wonder how careful this vetting process really is.

2 thoughts on “More on the Pegasus Project

  1. Thanks for writing about this, David. I also covered Pegasus on last night’s Techtonic episode, talking about Ronan Farrow’s just-published New Yorker article on Pegasus called “How Democracies Spy on Their Citizens.” https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens

    Excerpt: “Pegasus, a spyware technology designed by NSO Group, an Israeli firm, which can extract the contents of a phone, giving access to its texts and photographs, or activate its camera and microphone to provide real-time surveillance—exposing, say, confidential meetings. … there is evidence that Pegasus is being used in at least forty-five countries, and it and similar tools have been purchased by law-enforcement agencies in the United States and across Europe.”

    My Techtonic show: https://www.wfmu.org/playlists/shows/114676

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.