Research by Amnesty International shows that Israeli espionage software is used to intercept human rights activists and journalists. iPhones with the latest iOS version can also be cracked.
iOS 14.6 is vulnerable to Israeli iPhone spyware
Human rights organization Amnesty International conducted research between 2014 and 2021, together with 17 media organizations, into malware from NSO Group, an Israeli company that makes spyware, among other things.
This software secretly collects data from iPhone users, among others. Pegasus, as NSO Group’s ‘product’ is called, can intercept (and forward) messages, e-mails and other media files, among other things. According to Amnesty, the Israeli spyware is also able to record telephone conversations and remotely switch on the microphone of iPhones.
Amnesty’s investigation has revealed more than 50,000 possible victims. This list includes journalists, judges, academics and human rights activists. Amnesty and the media organizations involved will contact all victims in the coming weeks to tell them (to what extent) they have been tapped. Possible next steps are also discussed.
How Vulnerable Are iPhones?
Worryingly, the Pegasus software is able to circumvent the tight security of iPhones. The ‘spy’ does this through a security hole in iMessage, Apple’s standard messaging service.
According to Amnesty researcher Bill Marczak this vulnerability is still present in iOS 14.6, the latest software version for the iPhone. In other words, Pegasus still poses an active risk. Apple itself has not yet responded to this allegation.
It is not clear from the investigation how the Israeli spy software manages to circumvent the security of iPhones. Amnesty does write that the security problems have been going on for years.
In 2019, for example, NSO would have spread the spyware via hacked iCloud profiles. It is unclear whether iOS 14.7, the next iPhone update, will close the security holes.
Read more: iOS 14.7: These 3 features are coming to your iPhone soon
NSO responds
The company behind the Pegasus spyware, NSO Group, contradicts the research results. According to the Israeli cyber company, the investigation is “full of errors and baseless theories.”
NSO says it does not have access to the data of their customers, which are often governments. The company says it cannot make a statement about the content of their work due to contractual reasons.
The Israeli cyber company also states that it only sells its Pegasus software to governments and security services. They are only allowed to use the spyware to track down criminals and terrorists.
Want to stay informed about this story? Then download the iPhoned app or sign up for the newsletter!
Sign up for our newsletter