https://www.washingtonpost.com/technology/2021/07/19/apple-iphone-nso/
The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn’t know delivered malware directly onto her phone — and past Apple’s security systems.
Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients, went to work, according to a forensic examination of her device by Amnesty International’s Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO’s signature surveillance tool, during a time when she was in France.
Read key takeaways from the Pegasus Project
The examination was unable to reveal what was collected. But the potential was vast: Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.
And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”
These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.
Mangin’s number was on a list of more than 50,000 phone numbers from more than 50 countries that The Post and 16 other organizations reviewed. Forbidden Stories, a Paris-based journalism nonprofit, and the human rights group Amnesty International had access to the numbers and shared them with The Post and its partners, in an effort to identify who the numbers belonged to and persuade them to allow the data from their phones to be examined forensically.
For years, Mangin has been waging an international campaign to win freedom for her husband, activist Naama Asfari, a member of the Sahrawi ethnic group and advocate of independence for the Western Sahara who was jailed in 2010 and allegedly tortured by Moroccan police, drawing an international outcry and condemnation from the United Nations.
“When I was in Morocco, I knew policemen were following me everywhere,” Mangin said in a video interview conducted in early July from her home in suburban Paris. “I never imagined this could be possible in France.”
Especially not through the Apple products that she believed would make her safe from spying, she said. The same week she sat for an interview about the hacking of her iPhone 11, a second smartphone she had borrowed — an iPhone 6s — also was infected with Pegasus, a later examination showed.
.....
Read the rest on the site
The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn’t know delivered malware directly onto her phone — and past Apple’s security systems.
Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients, went to work, according to a forensic examination of her device by Amnesty International’s Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO’s signature surveillance tool, during a time when she was in France.
Read key takeaways from the Pegasus Project
The examination was unable to reveal what was collected. But the potential was vast: Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.
And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”
These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.
Mangin’s number was on a list of more than 50,000 phone numbers from more than 50 countries that The Post and 16 other organizations reviewed. Forbidden Stories, a Paris-based journalism nonprofit, and the human rights group Amnesty International had access to the numbers and shared them with The Post and its partners, in an effort to identify who the numbers belonged to and persuade them to allow the data from their phones to be examined forensically.
For years, Mangin has been waging an international campaign to win freedom for her husband, activist Naama Asfari, a member of the Sahrawi ethnic group and advocate of independence for the Western Sahara who was jailed in 2010 and allegedly tortured by Moroccan police, drawing an international outcry and condemnation from the United Nations.
“When I was in Morocco, I knew policemen were following me everywhere,” Mangin said in a video interview conducted in early July from her home in suburban Paris. “I never imagined this could be possible in France.”
Especially not through the Apple products that she believed would make her safe from spying, she said. The same week she sat for an interview about the hacking of her iPhone 11, a second smartphone she had borrowed — an iPhone 6s — also was infected with Pegasus, a later examination showed.
.....
Read the rest on the site
