A wall on a branch of the Israeli NSO Group company,near the southern Israeli town of Sapir.

A wall on a branch of the Israeli NSO Group company,near the southern Israeli town of Sapir.Credit:AP

This is the first time since 2019 that the malicious code used in a Pegasus hack has been discovered by researchers and offers new insights into the techniques of the company,highlighted in July by The Pegasus Project,a multi-part global investigation byThe Washington Post and 16 other news organisations.

The researchers declined to name the Saudi activist who was targeted,at the person’s request. They also did not reveal what NSO governmental client they believe deployed Pegasus against this person. They did say thatthe hacking technique used,which they called “forced entry”,has been active since February and can invade Apple iPhones,MacBooks and Apple Watches secretly in what’s called a “zero-click attack” - something of a speciality for NSO,which is based in Israel.

“We wouldn’t have discovered this exploit if NSO’s tool wasn’t used against somebody they shouldn’t be targeting,” said John Scott-Railton,a researcher for Citizen Lab,based at the University of Toronto’s Munk School of Global Affairs and Public Policy.

He added,“chat programs are quickly becoming a soft underbelly of device security.”

“Chat programs are quickly becoming a soft underbelly of device security,” said one reseacher.

“Chat programs are quickly becoming a soft underbelly of device security,” said one reseacher.Credit:AP

Apple did not immediately respond to a request for comment.

NSO Group says it licenses itsPegasus spyware tool to government agencies and police forces around the world to investigate major crimes. But the Pegasus Project investigation and earlier reports by Citizen Lab found that the tool had also been used to target political dissidents,business leaders,journalists and human rights activists.

Advertisement

As part of the Pegasus Project,forensic analyses revealed that 67 phones had shown signs of a successful Pegasus infection or intrusion attempt. Amnesty International’s Security Lab,a technical partner of the investigation,said last week that it has confirmed infections or traces of Pegasus spyware in 15 additional phones since the stories were first published in July,including a phone belonging to British human-rights activist David Haigh.

Loading

Forbidden Stories,a Paris-based journalism nonprofit,and Amnesty International,a human rights group,helped coordinate the investigation and run forensic analyses on smartphones.

Monday’s findings by Citizen Lab could renew pressure on NSO Group and Israel,which approves Pegasus export licenses. Israel’s foreign minister,Yair Lapid,said earlier this month the government would review NSO’s work to ensure “nobody is misusing anything that we sell”.

A top adviser to President Joe Biden discussed the spyware during a July meeting with a senior official with Israel’s Ministry of Defence,and members of Congress have called on the White House to push forward on regulations,sanctions and other investigations designed to address the spyware’s misuse.

The Washington Post

Get a note direct from our foreigncorrespondentson what’s making headlines around the world.Sign up for the weekly What in the World newsletter here.

Most Viewed in World

Loading