Pegasus Spyware Breach Of Latest iPhones ‘Very Concerning’ For Enterprises
Devices that were reportedly compromised by the NSO Group spyware included iPhone 12 models with the latest software update.
Among the devices hacked using the NSO Group’s Pegasus spyware are the latest iPhone model, the iPhone 12, running the most recent software update, according to reports.
Israel-based NSO Group has breached Apple devices including the iPhone 12 and iPhone 11, and “thousands of iPhones have potentially been compromised,” human rights group Amnesty International said in its disclosure about the NSO Group’s Pegasus spyware hack.
[Related: 25 Coolest Mobile Security And Management Tools Of 2021: The Mobile 100]
Amnesty and nonprofit journalism organization Forbidden Stories shared a list of phone numbers allegedly targeted by the spyware with the Washington Post and other media outlets—which confirmed that 37 smartphones had been subject to attempted or successful hacking.
The smartphones belonged to journalists, activists, executives and individuals close to Jamal Khashoggi, the Saudi journalist who was murdered in 2018, according to the Post.
The NSO Group has reportedly licensed the Pegasus spyware—which purports to be for tracking terrorists and criminal suspects—to numerous governments.
Apple iPhones running the latest software update, iOS 14.6, are reportedly among the devices that were compromised by the Pegasus spyware’s “zero click” iMessage exploit.
(1) @AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.— Bill Marczak (@billmarczak) July 18, 2021
The hack is “very concerning for the enterprise customer level,” said one executive at a solution provider, who asked to not be identified, in an email to CRN.
The incident raises questions about how many other hacking groups might be aware of the exploits, as well as about how enterprises can protect their executives and workforces, the executive said. It’s unclear whether “current mobile security tools can detect Pegasus,” the executive said.
Apple did not immediately respond to a request for comment. NSO Group has denied the allegations that have been reported about the use of the Pegasus spyware.