On April 11, 2022, Reuters reported that Pegasus spyware hacked the iPhones of senior EU (European Union) officials last year. Additionally, one of them was the European Justice Commissioner. However, NSO denies the use of Pegasus. So the question is – can we take the company’s word for the issue?
What is Pegasus?
Pegasus is a spyware tool developed by NSO Group, headquartered in Israel. Various government and law-enforcement agencies buy this software. Additionally, it can hack into smartphones with remote zero-click. As a result, the spyware requires no user interaction in the device it targets.
Hence, a simple iMessage received on an iPhone can compromise the device, exposing personal information without opening the message. The reason is that NSO purchases zero-day vulnerabilities, unknown to Apple. However, as soon as Apple detects these vulnerabilities, it patches them up while NSO purchases new ones. In addition, Apple now sees signs of Pegasus compromising an iPhone and sends an alert to the user.
Senior EU officials targeted by Pegasus
Last year, Pegasus reportedly hacked the iPhones of senior EU officials. Fortunately, the officials got an alert from their Apple devices, making them aware of the attack. The list included Didier Reynders, a senior Belgian statesman and the European Justice Commissioner since 2019. Besides that, it had at least four other senior EU officials. Additionally, Apple’s messages delivered in November to thousands of iPhone owners made the commission aware of the attack. The message to the users was that they “were targeted by state-sponsored attackers.”
Moreover, all the employees at the commission received an email from a senior tech staff regarding details of the Pegasus threat. As a result, it helped non-tech employees understand the severity of Apple’s message.
However, officials have not yet identified which country used Pegasus for the attack on senior EU officials. But, NSO insists that the hacking “could not have happened with NSO tools.” Additionally, Reuters reports that QuaDream, another Israeli company, sells an “almost identical” spyware tool. Lastly, the US has already banned the use and import of Pegasus. So, considering the attack, will the EU do the same?