The 11 Ghastly Things I Got out of NSO Group’s iPhone Hack

You have nothing left to hide.

NSO Group is so secretive it doesn’t even have a website. The malware company was founded in 2010 in Israel with $1.6 million in seed money. Its “most recently-known owner” – as Forbes put it – is private equity firm Francisco Partners in San Francisco, which acquired a majority stake in 2014 for $120 million and then tried to sell that stake in November 2015 for $1 billion, “people familiar with the matter” told Reuters at the time.

Reuters also said that the company “has since changed its name several times, most recently calling itself ‘Q.’”

I have not found any evidence that the sale actually happened. At the time, the valuations of unicorns were routinely taken out the back and slashed.

The company makes and sells surveillance malware called Pegasus that governments around the world, or anyone able to buy it and willing to pay the steep price, can use to target a specific user’s iPhone, Android, BlackBerry, or Symbian device.

An NSO proposal seen by the New York Times points out that the system gives “unlimited access to a target’s mobile devices” to “remotely and covertly collect information about your target’s relationships, location, phone calls, plans and activities — whenever and wherever they are.” And, “It leaves no traces whatsoever.”

It has a rich list of features and benefits, according to the New York Times:

Among the Pegasus system’s capabilities, NSO Group contracts assert, are the abilities to extract text messages, contact lists, calendar records, emails, instant messages and GPS locations. One capability that the NSO Group calls “room tap” can gather sounds in and around the room, using the phone’s own microphone.

Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone’s web browser. And all of the data can be sent back to the agency’s server in real time.

In its commercial proposals, the NSO Group asserts that its tracking software and hardware can install itself in any number of ways, including “over the air stealth installation,” tailored text messages and emails, through public Wi-Fi hot spots rigged to secretly install NSO Group software, or the old-fashioned way, by spies in person.

So here are the 11 ghastly things I got out of it.

1. It gets expensive to spy on a lot of people. According to the New York Times, it starts with an installation fee of $500,000. It costs an additional $650,000 for 10 iPhones; $650,000 for 10 Android devices; $500,000 for 5 BlackBerry devices, and $300,000 for 5 Symbian devices. Quantity discounts apply: 10 additional targets for $150,000; 50 additional for $500,000; and 100 additional for $800,000.

2. Big Money backs this kind of technology, and it will go far. PE firm Francisco Partners has “nearly $10 billion of capital raised to date,” as it says. Venture Capital is chasing these technologies too. So this is just the beginning.

3. It worked and left “no traces whatsoever” – until someone used his brain. Ahmed Mansoor, a human rights activist in the United Arab Emirates, received a text message on his iPhone that promised to reveal details about torture in UAE prisons. He didn’t click on the link but contacted Citizen Lab.

Citizen Lab, in conjunction with Lookout Mobile Security, then discovered three previously-unknown and unpatched Apple iOS vulnerabilities (called “zero days” because companies had zero days to patch them) that Pegasus exploited. Apple has since fixed the three vulnerabilities. Citizen Lab also discovered a second target, a journalist in Mexico who wrote about corruption.



4. The company publishes no performance metrics. So we don’t know on how many devices this software has been installed, but it would be an interesting metric to have, like Twitter’s rubbery “average monthly active users.”

5. And it’ll get a lot cheaper. NSO is among “dozens of digital spying outfits that track everything a target does on a smartphone,” according to the New York Times. “They aggressively market their services to governments and law enforcement agencies around the world.” As these technologies advance, and as more money piles in – given the big price tags and the 7.5 billion targets running around on the planet – commoditization will set in. And competition will force prices down, thus making these invaluable services a lot more cost-effective to deploy.

6. The corporate mission statement makes you laugh and gnash your teeth at the same time, because you can’t figure out if it is dark sarcasm, corporate speak gone awry, propaganda, or just an ad slogan designed by an unsupervised and unpaid intern as a practical joke. According to the New York Times, the NSO’s corporate mission statement is “Make the world a safe place.”

7. Encryption, no problem. Pegasus works its way around encryption by luring users into clicking on a link and by exploiting zero-day flaws.

8. Now you have nothing left to hide. The malware is all encompassing. Once installed, Pegasus is “hoovering up all communications and locations of the targeted iPhones,” according to Forbes. “That includes iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype communications, amongst other data. It can collect Wi-Fi passwords too.” It can record what’s going on in the room and take photos of surroundings. So, unless you want to share this sort of thing, it’s advisable to not ever keep your smartphone in the same room where you have sex.

9. But you have no idea what they’re grabbing, or what they grabbed last year, and who is doing the grabbing. You might never find out why you suddenly got fired or lost a contract or were disappeared from the face of the earth.

10. This is for your own good. The industry and its investors, and governments that use this type of malware, or other forms of spying, incessantly argue that this spying is essential to keep us safe by tracking terrorists, kidnappers, drug traffickers, wayward bloggers, concerned citizens, human rights activists, journalists, and others – and to keep facts in the dark (such as corruption) and hang on to power.

11. Spying is big business, coming and going. If you can create this kind of malware and make a ton of money with it, why not also create defenses against it and make a ton of money with it too? So Forbes noted that the founder of NSO and his “co-entrepreneurs” started up a new outfit, Kaymera, “designed to solve the exact problems NSO created: a super-secure phone for government officials.” Ka-ching.

Gnash your teeth some more. There’s already a backlash: individual lawsuits, state attorney general investigations, and government investigations. Read… With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy






  45 comments for “The 11 Ghastly Things I Got out of NSO Group’s iPhone Hack”

  1. Russ Winter says:

    I suppose this includes iPads and PCs as well?

    • d says:

      It includes any of the electronic toys not in a sealed environment. That have anything that a connection can be made through, including speakers.

      And has for some time.

      A major NYC mobster was brought down in the US through a key logger, long ago. Everybody thought the keylogger was manually installed.

      Seems it was actually done with a mobile wireless device, that was in the early 90s.

  2. Lee says:

    Wolf,

    With that kind of stuff in the ‘public domain’ just think what the NSA can do……………………….

    • Wolf Richter says:

      Yup. You might as well just send them all your stuff voluntarily. Would save everyone a lot of time and hassles.

    • Petunia says:

      The NSA can monitor all communications but that doesn’t mean they know what you are doing. Once these data dumps are stored, organizing them into meaningful databases takes a lot of computer time. The magnitude of time to organize as opposed to capturing data is enormous. Unless they are actively targeting you in real time, I wouldn’t put much stock in what they know about anybody in particular.

      • Mike says:

        Alas, mass surveillance is not as difficult as it seems. We regularly hear about sexy new highly targeted spyware – such as in this story – but there are also mass data collection capabilities (taps on undersea cables; metadata collection from phone carriers; hacks into google’s and others’ data centers; government mandated snooping for skype calls; compromise of several foreign SIM card providers, hoovering up cellphone conversations across europe). Backing this are major data centers such as the new one in Utah (https://en.wikipedia.org/wiki/Utah_Data_Center) – complete with power station – and existing (large) facilities in a half dozen other places.

        Per Snowden, circa 2010 there was storage and compute to support searching a month’s worth of (all) overseas phone conversations and data. By now it’s probably much more – for example, every quarter this (small) company adds another 5000-10000 multi-terabyte disk drives to its data warehousing operation (its business: charging users $5/mo for unlimited lifetime backup/storage): https://www.backblaze.com/blog/hard-drive-failure-rates-q2-2016/

        If you have a smart phone, you’ll know about google voice – providing a (somewhat rough but generally decent) realtime text transcription of your conversations. You may also have heard of facebook (and linkedin), whose game involves processing all of your contacts and interactions with (and interrelationships between) graphs of other people (i.e. processing exactly the same kind of information as is carried by phone metadata). The authorities regularly requesting and obtaining access to peoples’ search history in support of criminal investigations (although given the NSA hacks on the major software companies, one assumes that the “request” part is optional), letting them build a picture of what you’re interested in, thinking about, researching, talking/writing about. Realtime cellphone location records, allowing correlation of all of your movements with the movements of everyone you interact with (but hey, it’s “just” metadata, so that’s OK, right?). Email analysis. Purchase history.

        The only thing preventing mass surveillance of everyone – and detection and tracking of people (or groups of people) interested in particular topics or activities or having particular conversations or habits – is… nothing.

        Well, maybe some local laws related to privacy and decency. We’ve all seen how well that works…

  3. NotSoSure says:

    My phone is at least 5 generations behind. In fact it’s still the old Blackberry style keyboard. And it has zero internet capability.

    Muppets will always be muppets:
    1. They share their info freely online while expecting Facebook, etc to be guardians of these info.
    2. They keep upgrading to the most “updated” phone which means untested software with unknown vulnerabilities.

    Can’t wait till all these info gets used against them.

    • Wickedicepick says:

      “Can’t wait till all these info gets used against them.”

      That’s kind of mean spirited. It’s not easy to break through the propaganda. In fact it’s damn difficult. Most of my circle thinks things are going well, Hillary is a human being, and for them making fun of Trump is a favorite pastime. Make fun of trump all you want, but don’t try telling me hillary is any better than any of the other washington slimeballs.

  4. unit472 says:

    Since Alexander Graham Bell invented the telephone eavesdropping ( and notice the origin of that term) began. At first it was telephone company operators and linemen but by the 1920’s Al Capone was being ‘wiretapped’. Landlines were relatively secure though since one had to physically connect to a telephone line to listen in.

    When ‘cordless’ phones and early cell phones were introduced a whole new industry emerged. A radio scanner enabled anyone to surreptitiously listen to their neighbors’ phone calls. Millions of them were sold but digital phones and stepped frequency transmission rendered cheap analogue radio scanners obsolete.

    Now we have smart phones whose very capabilities serve to betray us in ways our telephones never could. Although illegal, I bought some cell phone jammers from China a few years ago to neutralize the spy in my pocket. They can also neutralize the computer in the police car that pulls you over but that is between you and me.

    • d says:

      “They can also neutralize the computer in the police car that pulls you over but that is between you and me.”

      Having them turned on around police cars, will get you pulled over.

      Officialdom is very interested, in moving or random signal “dark spots” .

  5. Meme Imfurst says:

    Funny…I just enrolled in a ‘penmanship’ course. Bought a roll of stamps and a very nice fountain pen the same day. I guess I am committed to getting my thoughts out nice and slow, and if I get no response I don’t care.

    There are always choices, you don’t have to play. Besides I am convinced all these phones against all these heads are…. Cooking Brains with Microwaves. Now there is a new cookbook title for you.

    • OutLookingIn says:

      No phone? = No data.

      Solved.

      The ONLY phone that I trust and which I own, is attached to the wall by a wire. Always answered by a machine with call display. My first and last cell phone was a first generation Nokia, over 15 years ago.

      Interesting to note that Alexander Graham Bell, when asked why he didn’t have a telephone in his house replied, ‘who wants a bell in the house that anyone can ring’!

      • Petunia says:

        They can also use your tv, cable box and/or a stick like the ones used by google and amazon.

    • nhz says:

      I guess you know the East German Stasi had a whole department dedicated to stealing, opening and resealing letters on a massive scale. Far more work than in our current digital world, but that didn’t prevent them from doing it and I’m sure they caught some people with the ‘wrong’ ideas.

  6. Kevin Beck says:

    So, the inventor wants to create a new system designed to prevent government officials from having their information stolen?

    He just revealed the REAL problem: Government officials don’t need this protection; it’s everyone else that needs the protection FROM them. The government officials don’t deserve to have any secrets.

  7. RD Blakeslee says:

    McAfee, internet security expert, uses nothing but an old fashioned flip-open cell phone with no capability beyond voice communication, except for a camera with its images stored on a chip in the phone.

    So do I.

    Internet connection is relatively private and safe (not perfect – nothing is) with a desktop computer and state of the art security software. Screened email only, no “social” sites like Facebook.

    • WTFrogg says:

      That won’t stop your carrier (or anyone that has access to their system codes) from listening in. Ever had your cellphone turn itself on…even when you know that you shut it off ?? Has happened to me many times on various phones…even the old style flip phones.

      Hacking the software on systems is scary enough. What really scares me is stuff that attacks the hardware : https://www.wired.com/2016/08/new-form-hacking-breaks-ideas-computers-work/

      Unless both you and whomever you are communicating with are using at minimum AES 256 level encryption end to end on voice, text and data you may as well post it on a billboard. Otherwise the old “party line” phone system from the last century applies.

      • WTFrogg says:

        BTW: How good are your passwords ???

        Check them using this : https://www.grc.com/haystack.htm

        If you are not using a Password Manager to store what should be strong and varied passwords for your access to the digital world…. you probably should be.

        Storing stuff in the Cloud ??? Encrypt it using Boxcryptor or similar product BEFORE you upload it to the Cloud.

        Guaranteed most of the cloud providers that offer you “free” storage have backdoors built into their systems OR will roll over when LEO comes knocking w/o a warrant.

        Got nothing to hide……..give me all your passwords so I can graze through your life and decide what to post on social media, etc.

        Better safe than sorry people.

      • nhz says:

        IMHO the really scary stuff is that what attacks the REAL hardware like electricity and natural gas network hubs, nuclear and other power stations, water and sewage systems, traffic light and air traffic control, medical equipment, etc. etc.

        Being spied on is one thing, people dying on a massive scale because of spyware gone rogue is quite something else. We are close to experiencing Skynet go live :-(

        All thanks to (first of all) the USSA and their best friends in the Middle East who are number one in developing this kind of scary stuff, all for ‘defensive purposes’ of course, for those who want to believe …

  8. RD Blakeslee says:

    Point 11, above, puts me in mind of ads a few years ago in mags like “Popular Mechanics”, advertising radar detectors for speeders and radar detector detectors for the police.

    Don’t remember if I saw radar detector detector detectors …

  9. Petunia says:

    There is no privacy on the internet or over the air waves, get used to it. Smart phones talk to each other when in proximity. Encryption is a barrier only to people not really interested, the interested people can break it. If you really have something to hide you need to operate on another level. Once you become a target they will see everything you say and do. They can enter your homes, monitor your calls, internet usage, banking, shopping, comings and goings, but that doesn’t mean they know what’s going on.

  10. VK says:

    Best to use a dumb phone. No way that’s hackable and staying off social spy media.

  11. posa says:

    How about swapping out an iPhone every few weeks and maintaining several phones.. some the cheap, dumb ones just to place calls using phone cards etc… This costs very little while enemies are paying mega-bucks to maintain surveillance on one phone.

    • Ivy says:

      Swapping phones (admittedly, Blackberrys, but were there others, too?) seemed like a good idea at the time for Hillary ;p

  12. Edward E says:

    “Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications” hmm, for nearly a week I was shut off from any news and economy related sites. (no Zhedge, WS, PCR, Stockman, ICH, Armstrong, CP, SC, Saker, POM, etc.) I sent an email to Dr. Paul Craig Roberts about it and he said it was on my end, that no other readers reported having the experience. Then within a short time all access was mysteriously restored.

  13. Bobcat says:

    The genie is out of the bottle. Pegasus or systems like it will become so inexpensive that all kinds of organizations will have this capability.

    Think you’re safe? Don’t be so sure. PCs, Macs, tablets can all be hacked.

    Use old phones? Good luck with that. AT&T has lobbied relentlessly for POTS to be discontinued. Sooner or later, they will succeed.

    Can’t wait until all this collected data is used against “muppets”? You mean it isn’t already being used against them? News flash: this has been happening for some time. There’s no telling how extensive this is.

    • nhz says:

      and now the good part: this stuff will leak out or become so cheap one day that the muppets can use it against the crooks that are ruling us, the politicians, central bankers and other elites. While spying on the average muppet is boring and bound to turn up very few interesting facts, spying on the elites could be a lot more interesting. Especially as many of them probably use more ‘hightech’ than the average citizen (like home automation systems, more advanced cars etc.). Would NSA be filtering out the data about the elites and make sure it never gets archived? I doubt it …

      There is a treasure of criminal activities waiting to be exposed. We had Snowden and a few others exposing some inconvenient truths. But others will follow and it will be impossible to stop them.

  14. Moi says:

    Project Echelon* was reported in the mainstream news back in 1998. That’s the name given to authorities’ efforts to record all calls, emails, texts, etc of the general population. So all of this is very very old news.

    Privacy died decades ago.

    *Project Echelon articles are still available on slashdot.org

  15. Aussie says:

    Throw them in the bin! End of problem. There are numerous phones out there other than iphone shit, some are even user protective. Forget iphone, forget mac, forget windows. Try linux! Ubuntu has just released a nice easy phone that does everything the others do, and for half the price and most of your privacy protected!

  16. michael says:

    They can collect all the information they want. All they are going to get is a few pictures of my daughter, grandchildren, my dog.

    • nhz says:

      reality is, among all that innocent data there is always something that they can use – out of context, or with a bit of manipulation – to frame you for something. I have no doubt this is done by NSA and others to make sure politicians and other players stick with the plan.

      I have read stories of people who e.g. were framed because some secret service places child porn images or other ‘wrong’ stuff in a hidden folder on their computer (quite easy …)

      It’s really tough to use these technologies to prevent terrorist acts etc. (the official purpose), but it’s easy to find or place some dirt on someone specific.

  17. vooks says:

    Paranoia is more dangerous than the actual spying.

    I have come to trust iDevices more than anything else, but I’m having second thoughts

  18. Josh W says:

    What BlackBerry phones! They make 3 distinctly different operating systems. The legacy Java OS was hacked by the Hacking Team, and obviously has zero day flaws. The Android one is also obviously compromised (it runs Android). But what about BlackBerry10, the QNX-based OS? It just achieved the highest security certification the DoD offers. Has it too been compromised? I’d really like to know.

    • nhz says:

      If it is still on the market (in the US or US-friendly countries) you can bet that it is compromised; otherwise they would not allow it.

      Highest security certification from DoD probably means it has a private DoD (NSA/CIA/Mossad) backdoor ;-)

  19. night-train says:

    I don’t see the problem here. As long as you stay off the Internet……oops!

  20. nhz says:

    “a super-secure phone for government officials.”

    from a (formerly) Israeli company … I wonder how many politicians are stupid enough to believe these communications will be ‘safe’; maybe if they are part of the tribe, but otherwise … count on it being used against you at the right moment.

    The Dutch secret services have outsourced phone tapping (the Dutch used to be number one or two worldwide for phone tapping for many years) to the Israeli secret service, or later spin-offs from them. There have been plenty of examples why this is a bad idea but AFAIK they still use them on a remote basis (Israeli eavesdropping equipment everywhere that sends the interesting data to Israel for analysis).

    Of course it is convenient for both governments as they share some political and commercial interests (commercial: both countries are really big in illegal drugs sales).

  21. RD Blakeslee says:

    The point was made a few posts ago that even “dumb” flip phones can be used for surveillance if the carrier is hacked, and the carrier also knows the location of any cell phone, EXCEPT:

    Remove the battery when you’re not using it.

    But, the cell phone carrier’s having your location info might be of more value than your privacy, e.g. are you kidnapped in a bad guy’s trunk?

    * chuckle *

  22. Julian the Apostate says:

    I too had some issues with ZH for a while. My iPhone kept trying to download some website. I had touched nothing, as soon as I got on ZH’s home page, bam! I instantly backtracked to ZH and it might let me read a paragraph and it was right back at it. After 3 or 4 tries I was able to read uninterrupted. This went on for a week to ten days, then quit. I have no idea what it was about or if it succeeded. This was about the time ZH changed the homepage to just article titles. Did any of you run into this? Just curious.

  23. Tim says:

    corporate mission statement is “Make the world a safe place.” … keeping the world safe for predators, parasites, perverts etc.

    They don’t care about the dust bunnies under the couch, or the dirty laundry.

    Industrial espionage. Germany is like the most spied on country in the world, for industrial secrets.

    ‘point 12’ on the list. (Or did I not read it all, my eyes missed it?)

  24. m haney says:

    High Time to get off the grid, and YES that is still possible.

  25. Kuni says:

    So to recap: Dig out the old flip phone.

    To quote Martin Lomasney: Never write when you can speak. Never speak if you can nod. Never nod if you can wink.

  26. Graham says:

    It always amuses in a rather ‘deary me, what are those children doing?’ way to see the government/military listening in on everyone and everything.

    When you see the Pentagon terrorists fighting the CIA’s terrorists in Syria, and the lies about Iraq, the strange tale of WTC7, the fallen tower whose plane didn’t get there on cue, the strange groups of people outside the Pulse, dutifully carrying people toward the nightclub eclipsed only by the mysterious total absence of any ambulances, it begs the obvious question – what are they doing?

    And all along you have all the big agencies tirelessly working away spying on everyone and everything. Protecting democracy by failing to intervene when the DNC was pushing out Bernie? No – not even there at the root of the American Way.

    What’s it all for? To gauge the public mood? You don’t need spying for that though.

    Yes, it’s true, all this spying is a complete and utter waste of time, money and resources, and helps no one except the managers and operators of these companies.

    Parasites.

    • d says:

      All this non military intelligence spying, is a direct reflection of the successes of the muslim terrorist. Think about the cost of it. Build a lot of hospitals and schools with that money.

      Their Objective is to make the west, more repressive than the places they live in.

      They are doing quite well.

      Conspiracy theorists like yourself, help them a great deal.

      At least your, “America did it to themselves”, is better than the normal pro Muslim, pro nut job, “Israel did it”.

      Muslim Terrorist did it.

      Their objective was, and still is, to start a war that leads to an Armageddon event, in which Islam will arise supreme.

      To date they have failed.
