Traces of compromise by the Pegasus malware deployed by Israeli spyware developer NSO Group or its customers have been found on recent, up-to-date Apple iPhones, suggesting the devices may contain unknown vulnerabilities.
Technical analysis by Amnesty International found evidence of compromise on the iPhone 11 of a French human rights activist, with the device looking up an iMessage account not known to the target, and running malicious processes after the attack.
The compromise indicators were found on June 11 this year, with the iPhone running iOS 14.4.2 and being upgraded to the recent iOS 14.6 on June 12.
An Indian journalist’s iPhone XR running the fully patched iOS 14.6 was attacked on June 16.
On June 24, an active Pegasus infection was found on an iPhone X with iOS 14.6 belonging to an unnamed human rights activist.
NSO Group’s Pegasus spyware has been observed since 2014, and remains a threat to this day despite Apple patching the vulnerabilities exploited by the malware.
The malware does not require any user interaction to execute, and Amnesty International said it can be deployed through network injection using rogue cell towers or other dedicated equipment at mobile operators’ sites.
Other delivery methods for Pegasus include vulnerabilities in Apple’s iMessage and FaceTime communications apps, the Apple Music service, and malicious Safari web pages.
Apple has been notified by Amnesty International of the vulnerabilities affecting the recent iPhones and iOS versions.
NSO Group also operates an extensive infrastructure for the spyware with at least 700 Pegasus-related domains, Amnesty International said.
Amazon Web Services told Amnesty International it has closed down the NSO Group accounts and infrastructure it hosted, following the reports into the Israeli spyware vendor’s activities.
Digital Ocean and Linode are also among the providers used to host NSO Group infrastructure.
Amnesty International worked with 17 media organisations in 10 countries, along with the French not-for-profit media organisation Forbidden Stories and the University of Toronto’s The Citizen Lab, to produce the recent report into NSO Group’s activities.
A leaked list of some 50,000 phone numbers belonging to potential surveillance targets around the world sparked the investigation into the NSO Group spyware, which Amnesty says is used to facilitate human rights violations around the world on a massive scale.
Among those targeted are the family of murdered Washington Post journalist Jamal Khashoggi, heads of state, activists and journalists.
NSO Group has at length denied the claims made in media reports, calling them false and misleading.
Instead, the company said its technologies are used to prevent terrorism and violence, and to save lives.