Israeli cybersecurity firm NSO Group continues to make global headlines over its flagship software known as Pegasus, which top Google security analysts now say is one of the most sophisticated pieces of spyware around.
It’s not just that NSO’s vetting process was too lax, enabling a number of bad actors to get their hands on Pegasus. It’s that the company was selling the cybersecurity equivalent of a nuclear bomb. See: What Are Israelis Saying About the NSO Spyware Scandal?
Ian Beer and Samuel Groß are researchers at Google Project Zero, the internet giant’s team of crack security experts tasked with finding software vulnerabilities. In their recent technical analysis of Pegasus, Beer and Groß called the Israeli-made spyware “pretty incredible, and at the same time, pretty terrifying.”
Most spyware programs require the target to click on a link or download a file to enable a hack of their personal device. But not so with Pegasus, which gives operators the ability to gain full control of a target’s mobile phone without any direct interaction.
“In the zero-click scenario, no user interaction is required, meaning that the attacker doesn’t need to send phishing messages; the exploit just works silently in the background,” wrote the Google researchers.
It’s a “weapon against which there is no defense,” they added, noting that even tech-savvy targets would be unable to prevent being spied on by Pegasus.
Given that Pegasus is, in the words of Beer and Groß, “one of the most technically sophisticated exploits we’ve ever seen,” they expected that such a weapon would “be accessible to only a handful of nation states.”
But amidst the ongoing scandal, it’s been revealed that Pegasus was licensed to a number of governments and groups with questionable human rights records, and was used for such nefarious purposes as suppressing freedom of the press.
Israel’s government has promised more oversight of all cybersecurity software sales going forward. But that won’t be enough to stop the lawsuits.
Many of the more high-profile Pegasus cases involved Apple iPhones, widely thought to be the most secure mobile phones on the market. That the Israeli hackers behind NSO were able to so completely compromise these devices has not helped Apple’s stock prices.
In filing suit late last month, the tech behemoth vowed that NSO, and the State of Israel indirectly, will be held accountable.