Last week, researchers from the University of Toronto's cybersecurity organization discovered that a Saudi activist's iPhone had been infected via the iMessage app, Apple's messaging system, with Pegasus spyware.
This spyware from the Israeli company NSO is used in particular to target politicians and journalists without their knowledge.
And unlike the majority of other spyware, Pegasus manages to break into computer equipment without resorting to tricky links or buttons.
To read alsoPegasus case: "It will be very difficult to have proof"
According to Citizen Lab, this computer attack had existed "since at least February 2021".
It "targeted Apple's image rendering library, and worked against Apple iOS, MacOS, and WatchOS devices," Apple's operating systems.
"After identifying this flaw, Apple quickly developed and deployed a patch in iOS 14.8 to protect our users," said Ivan Krstic, director of security systems at Apple.
Access all data on a phone without a single click
Still, these attacks are permanent threats for IT giants. This type of "ultra-sophisticated" attacks "cost millions of dollars, do not last long and are used to target specific people," added Ivan Krstic. According to him, they are therefore "not a threat to the overwhelming majority of our users." "
“In the past, users could be trained to avoid infection by being careful about suspicious text messages and not clicking on links to numbers they didn't know,” says Kevin Dunne, president of Pathlock, a security company. cybersecurity at AFP. "But now attackers are able to access all the data on a phone, its microphone and its camera, without any clicks, through breaches of third-party applications or even present by default. "
NSO-related spy hacks are unique in that they come from agencies or legal authorities, using software provided by a company, and not from anonymous criminals.
"NSO will continue to equip intelligence agencies and law enforcement agencies around the world with technologies that save lives and help fight crime and terrorism," Israeli society reacted.
50,000 numbers hacked around the world
Citizen Lab had for its part played a key role in also updating the scandal of mass espionage via Pegasus in July.
According to this consortium, in France, a number of Emmanuel Macron or of former Prime Minister Édouard Philippe and other members of the government were "in the list of numbers selected by a security service of the Moroccan state, user Pegasus spyware, for potential hacking.
Once again in this affair, Israeli society is singled out.
According to Amnesty nearly 50,000 phone numbers in the world have been hacked by this software since 2016. Pegasus allows "to buy your own NSA", the American intelligence agency, had joked in July Ron Deibert, the director of Citizen Lab.
“Selling these technologies to governments who will use them in violation of international law and human rights ultimately facilitates the discovery of this software by research organizations, as we and others have shown on multiple occasions.
This was still the case this time, ”the laboratory said on Monday.
Last March, the American think tank Atlantic Council had already sounded the alarm on the dangerous role played by NSO and other companies specializing in the sale of intrusion tools in smartphones and other computer systems.
These experts and politicians like German Chancellor Angela Merkel have called for more restrictions on the sale of this type of software, operated by states but not only.