Amnesty International Confirms Apple's Warning to Journalists About Spyware-Infected iPhones

TechCrunch reports: Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi's government. Officials publicly doubted Apple's findings and announced a probe into device security.

India has never confirmed nor denied using the Pegasus tool, but nonprofit advocacy group Amnesty International reported Thursday that it found NSO Group's invasive spyware on the iPhones of prominent journalists in India, lending more credibility to Apple's early warnings. "Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Donncha Ã" Cearbhaill, head of Amnesty International's Security Lab, in the blog post.
Cloud security company Lookout has also published "an in-depth technical look" at Pegasus, calling its use "a targeted espionage attack being actively leveraged against an undetermined number of mobile users around the world." It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple's built-in messaging and email apps, and others. It steals the victim's contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device...

According to news reports, NSO Group sells weaponized software that targets mobile phones to governments and has been operating since 2010, according to its LinkedIn page. The Pegasus spyware has existed for a significant amount of time, and is advertised and sold for use on high-value targets for multiple purposes, including high-level espionage on iOS, Android, and Blackberry.
Thanks to Slashdodt reader Mirnotoriety for sharing the news.

If you're a target, take precautions

[sinkskinkshrieks]

Maybe consider using a dumb phone and analog methods instead? Mobile phones are complete listening devices, GPS trackers, comms intercepting, and video surveillance packages all-in-one. Same goes for tablets, smart home devices, and laptops.

Re:

[christoban]

Jesus, even India has astroturfers now.

Re:

[NomDeAlias]

They can probably just find their voice on any call across the telecommunications networks at this point with voice recognition.

Re: If you're a target, take precautions

[Jeremi]

Finding all the calls with a matching voice is easy; filtering out the 15,000 false positives introduced by other people who sound similar is the hard part.

Re:

[NomDeAlias]

Meh the latter is easy too with more data to cross reference and exclude with.

Re:

[VeryFluffyBunny]

After what I've learnt about SIGINT & journalists from following stories about Wikileaks, whistle-blowers, & investigative journalists, it sounds to me like it'd be a good idea to include SIGINT training on journalism courses, e.g. How to get your photos/footage/recording/documents & accompanying analyses & reports out of Saudi Arabia/Israel/Iran/North Korea/UK & reduce your risk of being intercepted at borders or abducted by security services, i.e. publishing the stuff as early as possi

Re:

[93 Escort Wagon]

Yeah, it's not like Pegasus can be used against Android phones [androidauthority.com]...

Re: All Your Lies Are Belong To Us.

[Jeremi]

The Apple deflector has a point, though. Insecure cell phones is a problem for everyone, not only Apple users, so when you sit back and laugh at them, youâ(TM)re only fooling yourself.

Re:

[zenlessyank]

My tapered turd has a point too. Like an Apple user will know how to analyze his OS and hardware. I will be laughing for quite a long time.

Re:

[drinkypoo]

Only Apple users think their phones are 100% secure because Apple won't let them sideload, hence the well-deserved mockery.

Re:

[Plumpaquatsch]

While Fandroid believe their phones are secure because, well, they are stupid to begin with.

Re:

[drinkypoo]

I don't believe any computer is absolutely secure.

I believe that Android is approximately as secure as iOS, but Android users are more likely to do dangerous things, and are allowed to do one dangerous thing that Apple users aren't.

Re:

[Plumpaquatsch]

Dangerous things like visiting web pages?

Re:

[drinkypoo]

Dangerous things like visiting web pages?

Visiting web pages is also dangerous on iOS, where you have only one browser option, and it has been known to have security issues [digitalinf...nworld.com] and other problems [apple.com]. You can reskin your browser multiple ways, but you can't outright switch to another one, so when there's a problem in your browser you're just screwed.

Admittedly, even on Android you do need to be root to replace system webview, and not all devices are rootable, but at least some are and you can choose between them. All iOS devices come from Apple, and none o

Rather than warn journalists...

[BitterOak]

Rather than warning journalists that their phones may be compromised, why doesn't Apple instead patch the vulnerabilities so the phones won't be infected in the first place!?!?

Re:

[zenlessyank]

Because laws and money. Ain't that a bitch?

Re:

[Anonymous Coward]

Then the US government wouldn't have access.

Re: Rather than warn journalists...

[beelsebob]

Presumably, they donâ(TM)t know how to patch the attacks. It wouldnâ(TM)t surprise me if Pegasus was exploiting side channel and timing attacks similar to spectre. Many of those hardware attacks canâ(TM)t easily be patched without crippling performance.

Re:

[Mr. Barky]

Just a guess... Apple probably has added detection code for known previous flaws, possibly a few bugs were fixed that the Pegasus team didn't even know were fixed (it likely takes at least a few days between an OS update, there new tests to detect what still works/doesn't work and a new version of Pegasus - and then the users of Pegasus need to upgrade to that version which likely takes at least a few more days). So with every OS update, Apple (and Google and Microsoft... they're also targets of this sort o

Sad

[Retired Chemist]

It is sad watching Indian democracy collapse under a fascist bigot. India has the potential to be a great country, but it is rapidly sinking into dictatorship and anarchy.

Let's clear this up ...

[Ronin Developer]

Unlike the crap spewed by Trump and his cronies at rallies and on FoxNews, "Fascism" is a right-wing, not leftist, form of government. It's like saying fasicsm and (neo) Nazism are on the same end of the spectrum as socialism and communism. Trust me, they aren't.

Here's the definition to clarify things for you:

https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[Anonymous Coward]

no Trump didn't participate in an insurgency

There goes what little credibility you may have had
moving along.

Re:

[noshellswill]

Kommi.kon definition of fascism;  epublican fascism is perfectly natural.  Mobocracy not-so-much.   But, details aside ....  lets cut to the chase.  Would you prefer  to live under Stalin or Hitler  or be shot dead fighting both?  Out with it Bosco. 

Re:

[christoban]

If you can't follow the entire conversation, it's best not to jump in in the middle.

Re:

[VeryFluffyBunny]

Nationalsozialistische Deutsche Arbeiterpartei (National Socialist German Workers' Party) = NAZI party. They called themselves socialist because that was their means to get into power at the time.

The means today appears to be anti-LGBTQ, anti-abortion, anti-women's rights, anti-immigration, anti-human rights, anti-rationality, & anti-science sentiments, all with an excessive dose of scapegoating minorities. The underlying thirst for power by any means necessary & being willing to do horrible thi

Re:Sad

[Retired Chemist]

You are within your rights to dislike authoritarian liberals. I don't like them much either, but I dislike "so-called conservative" racist bigots even more. However, you need to look up the meaning of fascist, it is not just an insult, it actually means something. A liberal fascist makes about as much sense a conservative socialist. I am sure they both exist, but they are pretty rare animals.

Re:

[taustin]

You are within your rights to dislike authoritarian liberals. I don't like them much either, but I dislike "so-called conservative" racist bigots even more.

As opposed to the "so-called liberal" racist bigots who literally burned cities when Queen Hillary got handed her ass by Bozo the Clown?

However, you need to look up the meaning of fascist, it is not just an insult, it actually means something. A liberal fascist makes about as much sense a conservative socialist. I am sure they both exist, but they are pretty rare animals.

Speaking of looking up the definition:

fascism
noun
fascism fa-shi-zm also fa-si-
Synonyms of fascism
1
often capitalized : a political philosophy, movement, or regime (such as that of the Fascisti) that exalts nation and often race above the individual and that stands for a centralized autocratic government headed by a dictatorial leader, severe economic and social regimentat

Re:bad

[noshellswill]

While kommi-con is the dikkhead of the parasite statists fascism still values  superior effort & productivity  as much as superior blood. Who you  are is what you produce ! Kommi.kons use the state like a dildo, while  Fascists use the state as a forging hammer. Get the difference ?

Re:Sad

[Retired Chemist]

Bigotry is unfortunately not limited to people of any particular political stripe, but it is far more common among conservatives, because wanting to keep things the way they are means supporting existing discriminations. I never said that liberal fascists could not exist, I merely said that they would be rare. Ultranationalism, militarism and the other facets of fascism are in opposition to liberal beliefs. Not everyone who is a Democrat is a liberal nor is every Republican a conservative. Sometimes they are moderates although that appear to be a dying breed and sometimes, they are something much worse.

Re:

[taustin]

Bigotry is unfortunately not limited to people of any particular political stripe, but it is far more common among conservatives

The news coverage says otherwise.

Re:

[Anonymous Coward]

Bigotry is unfortunately not limited to people of any particular political stripe, but it is far more common among conservatives

The news coverage says otherwise.

Only if you drink the Kool-ade of Fox News. Sorry, Fox Entertainment. They stopped being a news organization when they started propagating known lies for better ratings among conservatives. .

Re:

[drinkypoo]

You can't have a liberal fascist, because being hard-right is part of the definition of fascism.

Re:

[gweihir]

You seem to be mentally defective. Because these one of these three words does not go with the other two.

Re:

[NotEmmanuelGoldstein]

... leftist fascist authoritarians.

Translation: corporations-don't have-rights corporations-have-more-rights "authoritarians".

What this obvious self-contradiction really means is "it's not a crime when my team does it".

This is another right-wing parrot repeating Fox News propaganda.

Re:glad

[noshellswill]

Lefty authoritarian ?  DemoRat ?? Traitorous Quslings pimping in hordes of narco/MEX/GUAT/LUMBO cartel mules that can  be vote-herded as easily as NIKElooting 75-IQ ratchets. Yep ! THOSE authoritarians ...  and if  USA  yeomanry get the chance with a TRUMP victory they should crush  them out like  pomegranates on cobblestones. Watch the red-juice-flow. 

Re:

[christoban]

Someone get this guy his meds.

Re:

[christoban]

It's funny how your arguments only work if you first shove a bunch of nonsense in my mouth.

Re:

[Anonymous Coward]

It's always been like that under Modi (now almost a decade). However reporting about India has been always in good light irregardless to what India does due to US trade and not military tensions with China. If something bad is reported about India, it quickly leaves the news cycles within days. India assassinated someone in Canada. India kicked out dozens of Canada's diplomats when that happened. Canada didn't kick out India's diplomats, except the person they thought was in charge of the assassination

Re:

[NomDeAlias]

Their gov is quickly turning into an international pariah.

Re:

[NomDeAlias]

Yes really, they've been caught plotting and executing clandestine assassinations on foreign sovereign soil.

Re:

[NomDeAlias]

You're in denial. Foreign governments care. Amnesty International only confirmed what was already announced your focus on them is hilarious. Just saying their name and scoffing isn't going to change reality. My comment has nothing to do with Amnesty International and you've been unable to make a coherent point.

Re:

[NomDeAlias]

Amnesty International has nothing to do with India's recent troubles on the international stage.

Re:

[gweihir]

They did elect him, right?

iphone 13

[FudRucker]

with iOS17.2.1 is this ios version vulnerable? i checked the app store for Pegasus detection apps and nothing for it

Re: iphone 13

[gnasher719]

"Pegasus detection apps" - an ios app written by a third party should not be able to detect what other apps are installed on my phone. Including Pegasus. IOS itself could, obviously. And probably has, because otherwise how did Apple manage to earn these people?

Re:

[93 Escort Wagon]

Amnesty International offers a Pegasus detection and removal tool. But they state it's not for the average Joe - apparently it's somewhat involved to use.

https://docs.mvt.re/en/latest/ [docs.mvt.re]

Re:

[Mr. Barky]

There probably isn't much value in a detection app, at least not that uses the current instance of the OS (Pegasus probably has good code to hide its tracks in memory well). Pegasus, by its nature, is exploiting a set of unknown vulnerabilities. The moment they are known, they get fixed fairly quickly. Pegasus is (probably... I am just speculating) finding new vulnerabilities all the time and retiring the ones that have been fixed. As I mentioned in a previous post, there is a window between when a new OS v

Re:

[Plumpaquatsch]

https://www.forbes.com/sites/d... [forbes.com]

The human rights organization Amnesty International has developed a utility that allows you to identify this malware. It is called MVT (Mobile Verification Toolkit), and its source code is available on GitHub.

The MVT utility is compatible with Android and iOS, but there are no ready-made solutions for the quick installation of the application. They need to be compiled for a specific device, which can be done only on a computer with Linux or macOS.

The utility saves a backup copy of the data from the smartphone on the computer, scans all data and checks if the device is infected with the Pegasus spyware, and informs the user if information from his device could be compromised and transferred to third parties.

This utility, in particular, scans data transfer logs - it is there that infection indicators can most likely be found (information about sending calls history, SMS, IM messages, and other things to a remote server). On iOS, these logs are stored longer than on Android, so it is much easier to detect the Pegasus spyware on the iPhone. Given the complexity of using the Mobile Verification Toolkit, this utility should only be recommended for tech-savvy users or those who suspect Pegasus is tracking them.

India is untrustworthy

[Baron_Yam]

I mean, they assassinated a Sikh on Canadian soil and then threw a shit fit of denial and defiance when our PM pointed it out.

So Modi is behind it? No surprise.

[gweihir]

Dog that got hit, barks. They did elect that asshole though, right?

Re:

[dryeo]

The question with these types is whether the re-election was a fair election. When you jail or assassinate political opponents, do things like removing a large States status as a State, suspend parts of the Constitution and are in charge of vote counting, it becomes questionable whether the re-election was honest.
Lots of dictators started out by honestly getting elected.

Re:

[gweihir]

Indeed, including the worst of the worst. Makes one almost wish that such cretins get judged in the afterlife. (Which I do not think happens, you just get reincarnated someplace again.) Trump tried it too, but was too incompetent. But the American people may be stupid enough to give him a 2nd chance.

Re:

[dryeo]

What is scary is how many people are attracted to authoritarianism. Something like a third of the population are authoritarian themselves and find authoritarians very attractive, throw in a lot of repeated bullshit, as it seems if you repeat a lie enough, it is believed, and the need for a change and they get elected, often with a big enough majority that they can change things to stay in power.

Re:

[gweihir]

Yep. About that many people do not want freedom, for themselves or anybody else. It scares them deeply.
Good reference I found that explores this more: https://theauthoritarians.org/ [theauthoritarians.org]

Re:

[dryeo]

Oh, they want freedom, look at the names, "Freedom Caucus" "Moms for Liberty" etc. Just their view of freedom is freedom for themselves to remove others freedoms. They heard the meme that "Your freedom to swing your fist ends where my face is" and think it means that you are in the wrong to have a face and remove their freedom to swing their fist, making you the enemy.

Re:

[gweihir]

Well, they are so scared of the concept of freedom that they even try to redefine the word...

SAD!

[CmdrPorno]

We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. They will have to step up to the plate and help our great Country, NOW! MAKE AMERICA GREAT AGAIN. #maga #magaAGAIN #trump2024