The Israeli spyware maker NSO Group deployed at least three new “zero-click” hacks against iPhones last year, finding ways to penetrate some of Apple’s latest software, researchers at Citizen Lab have discovered.
The methods, known as zero-click exploit chains, allows the company to circumvent security features of the Apple phones and install NSO’s “Pegasus” spyware, which can collect information from a device and also use its cameras and microphones for real-time surveillance.
Media reports claimed that the attacks targeted human rights activists who were investigating the 2015 mass kidnapping of 43 student protesters in Mexico, other suspected military abuses, and the related government response, Citizen Lab said. Mexico has been a major NSO customer.
Citizen Lab said the hacking methods were used against devices belonging to members of the Miguel Agustin Pro Juarez AC Human Rights Centre, known as Centro Prodh, a Mexican human rights group. A representative for the group couldn’t immediately be reached for comment.
An Apple representative said that while the threats outlines by Citizen Lab only impact “a very small number of our customers, “we take any attack on our users extremely seriously and we continue to build more defences into our products”.
An NSO spokesperson said the company “adheres to strict regulation and its technology is used by its governmental customers to fight terror and crime around the world”.
The spokesperson also took aim at Citizen Lab, which has produced numerous reports outlining misuse of spyware from NSO and others, saying: “Citizen Lab has repeatedly produced reports that are unable to determine the technology in use and they refuse to share their underlying data”.
The Israeli firm has been subjected to intense scrutiny – from Citizen Lab, journalists and government officials – due to reports that its technology has been used by government clients to spy on dissidents, journalists, politicians and others.
Last year, NSO cut jobs and raised prices in a bid to satisfy creditors holding around US$400 million in the company’s debt, Bloomberg reported in November.