IPhone Hacked Using Pegasus Spyware from Israel’s NSO Group

An iPhone belonging to a staffer at a Washington-based civil society organization was hacked remotely with spyware created by Israel’s NSO Group.

(Bloomberg) — An iPhone belonging to a staffer at a Washington-based civil society organization was hacked remotely with spyware created by Israel’s NSO Group.

The hack was discovered last week and reported to Apple Inc., which moved quickly to investigate and patch the breach, according to John Scott-Railton, a senior researcher with Citizen Lab at the University of Toronto’s Munk School. 

NSO Group has been sanctioned by the US since 2021 due to its Pegasus hacking tool, which has been used by some governments to target journalists and dissidents beyond their borders. It is a so-called zero-click hack, in which the user doesn’t need to click on a link in order for malware to install software that can turn phones into real-time surveillance devices. 

“The gravity of the attack, which is a zero click, combined with the fact that it was being actively used in the wild against civil society makes it clear that this is the kind of thing that needs to be taken really seriously and prioritized, and we’re glad that Apple did that,” Scott-Railton said in an interview.

Citizen Lab called the exploit chain BLASTPASS in a blog post on Thursday, and said it was capable of compromising iPhones running the latest version of Apple’s operating system without any interaction from the victim. A spokesperson for Apple confirmed the account. 

Read More: Rise of ‘Zero-Click’ Hacks Means Spying Is Harder to Stop

“We are unable to respond to any allegations that do not include any supporting research,” a spokesperson for NSO Group said. The company has previously said Pegasus doesn’t work on phone numbers with the +1 county code used in the US and Canada.

Citizen Lab did not identify the targeted individual or organization. Earlier this year, the research group found that NSO Group had used at least three zero-click methods to hack civil society groups, and the company’s tools have been linked to spying on prominent figures in Armenia, including a United Nations official. 

In reporting the latest breach, Citizen Lab recommended “everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode” on their devices. Lockdown Mode severely restricts apps and features on a person’s phone — for example blocking most message attachments. 

The report comes as NSO Group has faced increased scrutiny around the world. On Thursday, Poland’s Senate published the results of an investigation into the use of Pegasus during the 2019 parliamentary elections that found violations of constitutional standards and said the vote was not fair due to the use of the spyware. 

In August, the Israeli government announced that it had set up a commission to investigate whether police misused spyware, including applications made by NSO Group, in criminal investigations.

(Updates with additional information from NSO Group in sixth paragraph. A previous version of the story corrected the headline to remove that it was a US phone.)

More stories like this are available on bloomberg.com

©2023 Bloomberg L.P.