Pegasus has indirectly targeted US iPhones; 10 Downing Street too

The NSO Pegasus spyware indirectly targeted US iPhones, even though the company prevents customers from infecting phones with US SIM cards. Devices belonging to Catalan politicians and others have also been infected, and the Spanish government is suspected of being responsible.

In addition, it was discovered that a network-connected device at 10 Downing Street – the office of British Prime Minister Boris Johnson -…


NSO Group manufactures spyware called Pegasus, which is sold to government and law enforcement agencies. The company buys so-called zero-day vulnerabilities (those that Apple doesn’t know about) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required from the target.

In particular, it has been reported that receiving a certain iMessage – without opening it or interacting with it in any way – can allow an iPhone to be hacked, with personal data exposed.

NSO imposes some conditions on those who buy Pegasus, one of which is that it should never be used to hack phones with US phone numbers. It likely does so to avoid a strong response from the US government and its intelligence agencies. Pegasus has already been declared a national security risk, and its use is prohibited within the United States.

Pegasus indirectly targeted US iPhones

Citizen Lab, an initiative of Canada’s University of Toronto, says it has found evidence that the powerful Pegasus spyware is being used to indirectly target US phones. The technique used is known as “off-center targeting”.

Targeting friends, family members, and close associates is a common practice for some hacking operations. This technique allows an attacker to gather information about a primary target without necessarily having to maintain access to that person’s device. In some cases, the primary target may also be infected, but in other cases this may not be possible for various reasons.

We observed several cases of relational or ‘off-center’ targeting: spouses, siblings, parents, employees, or close associates of Pegasus primary targets were targeted. In some cases, these individuals may also have been targets, but forensic information was not available. In other cases, we found no evidence that the primary target was infected by Pegasus, but we did find targeting of their peers.

For example, one of the people targeted by Candiru had a US SIM card in their device, and resides in the US. We failed to find evidence that this person had Pegasus. This is consistent with reports that most Pegasus customers are not allowed to target US numbers. However, both of the target’s parents use phones with Spanish numbers, and they were targeted on the day the primary target returned to Spain from the US. Neither parent is politically active or likely to have been targeted because of who they are or what they do.

In other words, text messages and other messages sent by an American phone can be intercepted by hacking the phones of the target’s family, friends and other contacts abroad.

British Prime Minister’s office has been successfully targeted

A piece in the next edition of The New Yorker reveals that Pegasus has also successfully targeted 10 Downing Street, the British Prime Minister’s office.

Pegasus was used to infect a networked device at 10 Downing Street, the office of Boris Johnson, Prime Minister of the United Kingdom. A government official confirmed to me that the network had been hacked, without specifying which spyware was being used.

“When we found Case 10, my jaw dropped,” recalls John Scott-Railton, a senior researcher at Citizen Lab. “We suspect this involved data theft,” added Bill Marczak, another senior researcher there.

The official told me that the National Cyber Security Centre, a branch of British intelligence, had tested several phones in Downing Street, including Johnson’s. A thorough search of the phones was difficult – “It’s a bloody tedious task,” the official said – and the agency was unable to locate the infected device. The nature of any data that might have been taken has not been determined.

Large-scale Pegasus attack against the Catalans

Citizen Lab also found that at least 63 people in Catalonia were attacked by Pegasus, with the Spanish government the main suspect.

The hacking covers a range of civil society in Catalonia, from academics and activists to NGOs. Catalan government and elected officials have also been widely targeted, from the highest levels of Catalan government to members of the European Parliament, legislators, their employees and family members. We do not definitively attribute the targeting to a specific government, but extensive circumstantial evidence points to the Spanish government […]

With the targets’ approval, we obtained forensic artifacts from their devices that we examined for evidence of Pegasus infection. Forensic analysis allows us to conclude with high confidence that of the 63 individuals targeted with Pegasus, at least 51 were infected.

It was reported last week that Apple warned top EU officials that Pegasus had hacked their iPhones. The Cupertino company is proactively looking for signs that iPhones have been hacked by Pegasus, and sends an alert to the victims.

Note that nothing should be read into reports of more infected iPhones than Android devices: iOS makes it easier to detect when a device has been infected, so iPhones account for the majority of confirmed cases, but the number of infected Android phones is likely higher.
