A scandal surrounding the use of NSO’s Pegasus spyware by Israel’s police has provided a rare look at early screenshots of the app in action when remotely accessing a compromised smartphone.
A series of screenshots shows the spyware doing everything from displaying the contents of WhatsApp messages to activating the camera to spy on the owner’s surroundings.
Quick Pegasus primer
Here’s our quick Pegasus primer for the unfamiliar.
NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company buys so-called zero-day vulnerabilities (ones unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction by the target is required.
Specifically, it has been reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – could allow an iPhone to be compromised, with personal data exposed.
NSO only sells Pegasus to governments, but its customers include countries with extremely poor human rights records, with political opponents and others being targeted.
The US government banned the import and use of Pegasus, depriving the company of its most lucrative customer base: US law enforcement agencies. Apple added to the pressure, suing the company and alerting owners of infected iPhones. This put the company under immense financial pressure, which could see it disappear, or just make things worse.
The screenshots (above and below) were revealed as a result of investigative journalism by financial publication Calcalist into the possible illegal use of Pegasus by police within Israel. They showed:
- Activating the phone’s microphone to listen to the owner and anyone with them live
- Activating the phone’s camera to take snapshots of the environment
- Listening to captured recordings of incoming and outgoing phone calls
- Reading text messages
- Reading WhatsApp messages
This resulted in an official investigation led by Deputy Attorney General Amit Merari, whose reports included a presentation prepared for the government’s cabinet at the time. The slide deck was designed to show how police were using spyware, although it is not yet known whether it was actually presented to ministers.
Haaretz reports on the capabilities shown in the presentation.
Screenshots show the wide range of tools police wanted to use as soon as the device became infected. One of the images depicts the WhatsApp correspondence of a certain “John Doe” with a woman who can be identified by her name.
The woman was the sales manager at NSO, thus showing the system’s capability as well as engagement with the company. This is not the only example. There are also details of other talks between the aforementioned John Doe and five additional NSO employees.
Another capability of Sifan mentioned in the presentation is the interception of incoming and outgoing phone calls. In addition to this capability, which seems relatively routine in the world of intelligence surveillance, there is another that is known in professional parlance as “volume listening” and is considered highly intrusive.
In simple terms, it means real-time wiretapping of the device’s surroundings through remote activation of the device’s microphone. This type of wiretapping requires the order of the chairman of the district court or his deputy.
The list of capabilities outlined by the police goes beyond wiretapping and includes remote operation of the camera on an “infected” device, an action that is highly illegal as the law does not explicitly permit the installation of hidden cameras, and certainly does not allow remote control of the camera by hacking the suspect’s mobile device.
NSO has several different versions of Pegasus, and it is unclear whether this version was ever used outside of Israel, but it aligns with the widely reported capabilities of the version used within the US. It was knowledge of such abilities that led whistleblower Edward Snowden to insist that anyone meeting him must put their phone inside a microwave oven to block radio transmissions.