NSO malware accessed executive's iPhone within minutes
While the Pegasus software accessed the man's iPhone while he was in the company's offices, the attack was not wide, and the entrepreneur had volunteered his phone.
An entrepreneur, who works for an unnamed Israeli company, told Vice's Motherboard website this week that when he visited the offices of Spyware vendor NSO, he was asked if he wanted to receive a demo of the company's notorious Pegasus spying software.
When he volunteered a secondary iPhone and placed the phone on his desk, the NSO personnel compromised the phone within "5 to 7 minutes," placing the phone's screen on a large display in the room, accessing photos, emails, and even the microphone. And they got access without even getting the executive to click on a link.
It's an impressive feat, but the hacking of the phone was of only one target, one who had volunteered his phone and phone number. NSO, Vice said, had been known to do such things during demonstrations.
NSO Group, founded in 2010 in Israel, has often been controversial, with critics accusing it of helping governments crack down on political dissidents. In July a disgruntled NSO employee was indicted for stealing and attempting to sell the Pegasus code.
Apple has, multiple times in recent years, released patches in iOS and macOS to address vulnerabilities exploited by Pegasus.
NSO Group provided Vice with a statement in which it laid out its policies, including that signing up new clients requires permission and an export license from Israel's ministry of defense. Also, its product "cannot work" inside the United States.
"NSO's Business Ethics Committee, which includes outside experts from various disciplines, including law and foreign relations, reviews and approves each transaction and is authorized to reject agreements or cancel existing agreements where there is a case of improper use," the company said in that statement to the publication.