NSO Group’s Pegasus spyware may be actively exploiting the most recent software in the iPhone 12 to monitor victims through the world, according to a sweeping new report from Amnesty International.
“These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the group wrote in a report published on July 18. “We have reported this information to Apple, who informed us they are investigating the matter.”
The revelation comes as part of a broader investigation into the use of the notorious spyware. Between July 2014 and July 2021, the NSO group’s Pegasus software was used to target more than three dozen smartphones belonging to journalists, human rights activists and business executives, according to a joint investigation between Amnesty, French journalism nonprofit Forbidden Stories and 17 media organizations including The Washington Post.
Targets included Hatice Cengiz, fiancee of murdered Washington Post journalist Jamal Khashoggi, Mexican journalist Carmen Aristegui and Siddharth Varadarajan, co-founder of India’s independent online news outlet the Wire.
The scope of victims is likely much wider.
“Pegasus may have been used in thousands of attacks over the past three years,” Amnesty notes.
The new report highlights the growing use of “zero-click” attacks by the group. Such attacks infect phones without a user having to open a message or click on an external link. The most recent known instance of such an attack by Pegasus software was July 2021.
Human rights groups have tied the NSO Group’s technology to the targeting of activists, dissidents and journalists for years. The Israel-based company states that it only licenses its tools to governments for the surveillance of criminals and terrorists.
“This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware,” Amnesty International notes in its report. “As laid out in the UN Guiding Principles on Business and Human Rights, NSO Group should urgently take proactive steps to ensure that it does not cause or contribute to human rights abuses within its global operations, and to respond to any human rights abuses when they do occur.”
The NSO Group largely disputed the consortium’s findings to The Washington Post.
NSO chief executive Shalev Hulio told The Washington Post that the company had terminated two contracts over alleged human rights abuses in the past 12 months and the company investigates every allegation.