Yesterday the news was leaked that the i-Phones of 11 US embassy employees working in Uganda were hacked using spyware developed by the Israeli group NSO, the pegasus. The Tel Aviv surveillance firm had already been included a month ago on the American black list of untrustworthy companies that collaborate with non-allied governments.
Pegasus is a sophisticated surveillance system that can be remotely implanted into smartphones to extract audio and video recordings, encrypted communications, photos, contacts, location data and text messages.
The first to publish the news was the Reuters agency which reported on the Apple message to employees of the US embassy in Uganda: "Apple believes it has been targeted by state attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely interested in who you are or what you do. If your device is compromised, the cyber attacker may be able to remotely access your sensitive data, communications or even your camera and microphone. Although it is possible that this is a false alarm, please take this notice seriously ".
There is no indication that the NSO directly hacked the phones. Usually, as on other occasions, it has been established that the authors are foreign governments that purchase licenses for the use of malicious software. Like Russia which, thanks to the Pegasus, has managed to repeatedly breach the State Department's unclassified email systems.
The software's targets also include confidants of Jamal Khashoggi, the Washington Post columnist who was dismembered by Saudi agents in Turkey, a number of human rights lawyers, dissidents and journalists in the Emirates and Mexico, and even their family members living in the United States.
La China used similar types of spyware to crack down on Muslim minorities, as well as Russia against dissidents. Saudi Arabia is believed to have used it in Khashoggi's killing and subsequent attempt to cover up the crime. But until now it was not known that it was aimed at American diplomats.
The Biden administration last month blacklisted NSO, its subsidiaries and an Israeli company called Candiru, claiming it knowingly supplied spyware that was used by foreign governments to "target" dissidents' phones. human rights activists, journalists and others.
NSO and Candiru are not accused of intentionally hacking the phones themselves, but of selling tools to customers knowing they could be used for malicious attacks.
President Biden will hold a summit at the White House next week with dozens of foreign countries, including Israel, to resolve the problem that is creating many diplomatic incidents.
NSO is one of several companies in the industry that makes money by finding vulnerabilities in the various operating systems of widely used technology products.
NSO has issued a press release stating that it will conduct an independent investigation into the allegations and will cooperate with any US government investigation: "We have decided to immediately terminate affected customers' access to the software due to the seriousness of the allegations. However, we have not yet received any details on the violation or the telephone numbers involved ".
Although Israeli firm NSO claims it carefully selects its customers, the United States is determined and has included the firm among companies opposed to US foreign policy interests, instructing the Commerce Department to ban the receipt of key technologies.
Apple, in response to this vulnerability, created a patch in September that corrected the weakness of its mobile operating system. Since that patch only protects a phone after a user downloads the updated software, it is possible that hackers will continue to exploit the weakness to infiltrate phones that have yet to be updated. Apple has asked State Department employees to take several precautions, including immediately updating their iPhones with the latest software available, which includes the patch. The company said the attacks detected by Apple "are ineffective against iOS 15 and later".