Ok, So Maybe Your Phone IS Listening To You
With Tools Like NSO Group’s Pegasus Spyware Anyone’s Phone is Up For Grabs
Is my cell phone listening to me? That is the question I get asked most often as a self-proclaimed technology expert. Most of the time it is because someone sees an advertisement and remembers recently having a conversation about the same thing. No, I tell them. It doesn’t work that way. But there is a catch. If you happen to draw the attention of a government-security agency, all bets are off. Your phone’s location, files, contacts, and photos are theirs for the taking. And not just your government--any government.
Spyware has been around since the dawn of the Internet, but a private company based in Israel called the NSO Group has taken it to the next level. The company has developed a world-class collection of exploits, called Pegasus, that is capable of defeating the security teams at Meta, Apple, Google, and Microsoft. More importantly, it offers those capabilities to pretty much any government that can pay for it.
Ronan Farrow digs into the NSO Group's capabilities in the latest issue of The New Yorker. NSO Group must get the Israeli government’s permission before doing any international deal, but that hasn’t been much of a problem. Shalev Hulio, NSO Group’s C.E.O., says its tools are used lawfully by governments to prevent crime and terrorism. This is almost certainly true, but those aren’t the only applications.
Just peruse a few of the targets according to the Citizen Lab, a Toronto-based research firm that tracks Pegasus attacks:
More than sixty phones owned by Catalan politicians, lawyers, and activists in Spain and across Europe have been targeted or infected. Catalonia is seeking political independence from Spain, and the Spanish government obviously objects.
Members of Rwanda’s opposition party
Journalists exposing corruption in El Salvador
The phones of Javier Valdez Cárdenas’s associates in Mexico. Cárdenas was killed while investigating Mexican drug cartels.
Phones belonging to four Jordanian human rights defenders, lawyers, and journalists were hacked with NSO Group’s Pegasus spyware between August 2019 and December 2021.
Princess Haya, the ex-wife of Sheikh Mohammed bin Rashid al-Maktoum, the ruler of Dubai, and her lawyers.
Someone that works at 10 Downing Street, the office of Boris Johnson, the Prime Minister of the United Kingdom. The phone, and person, were never found.
Jeff Bezos? It has never been proven, but there is evidence that the world’s second-richest man may have been a victim of Pegasus.
Both the CIA and the FBI have admitted to using Pegasus software. Nonetheless, the Justice Department has opened an investigation into the company. Both Apple and Meta are suing NSO Group. The company itself seems to be bucking under the combined pressure of government action, tech resistance, and bad press.
Global commercial spyware is estimated to be worth more than twelve billion dollars annually. Even if NSO Group closes up shop, there are plenty of competitors. They are based in countries like Israel, Russia, and China, where there is relatively little oversight. As NSO’s Hulio told Farrow:
Companies found themselves in Singapore, in Cyprus, in other places that don’t have real regulation. And they can sell to whoever they want.
All this is to say, I may need to amend my blanket statement about your phone not listening to you to a… cautious maybe?
Today’s Bits
It’s happening: Elon Musk strikes deal to buy Twitter for $44 billion
Here We Go!
Utah-based IT firm is automating accounting and payroll with AI bots
We Can Change Minds, Says the World’s Most Popular Climate Scientist
