The shadowy world of private spyware has long caused alarm in cybersecurity circles, as authoritarian governments have repeatedly been caught targeting the smartphones of activists, journalists, and political rivals with malware purchased from unscrupulous brokers. The surveillance tools these companies provide frequently target iOS and Android, which have seemingly been unable to keep up with the threat. But a new report suggests the scale of the problem is far greater than feared—and has placed added pressure on mobile tech makers, particularly Apple, from security researchers seeking remedies.
This week, an international group of researchers and journalists from Amnesty International, Forbidden Stories, and more than a dozen other organizations published forensic evidence that a number of governments worldwide—including Hungary, India, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates—may be customers of the notorious Israeli spyware vendor NSO Group. The researchers studied a leaked list of 50,000 phone numbers associated with activists, journalists, executives, and politicians who were all potential surveillance targets. They also looked specifically at 37 devices infected with, or targeted by, NSO’s invasive Pegasus spyware. They even created a tool so you can check whether your iPhone has been compromised.
NSO Group called the research “false allegations by a consortium of media outlets” in a strongly worded denial on Tuesday. An NSO Group spokesperson said, “The list is not a list of Pegasus targets or potential targets. The numbers in the list are not related to NSO Group in any way. Any claim that a name in the list is necessarily related to a Pegasus target or potential target is erroneous and false.” On Wednesday, NSO Group said it would no longer respond to media inquiries.