NSO’s Pegasus Flies Again!


July 22, 2021

Amnesty International has released a new Forensic Methodology Report about NSO Group’s Pegasus Software and it’s pretty scary.

According to the report, Amnesty International’s Security Lab has uncovered widespread and persistent use of Pegasus to spy on 80 journalists and 17 media outlets across 10 countries, as well as a variety of legal professionals (i.e. civil rights lawyers) and humanitarian aid workers.

Pegasus directly targets Apple’s iPhone, and is able to compromise a variety of functions. The Amnesty International report says recently it’s being used to access iMessage specifically.

We covered Pegasus way back in 2019 when The Financial Times reported that NSO had developed software that could not only collect data from an iPhone user’s physical device but also collect all communication between it and the cloud. There’s even a version that works on Android devices.

It can even snoop on third-party apps that communicate via encrypted connections.

According to the report NSO Group only sells to governments to assist with criminal investigations, but there’s some concern more authoritarian parties might be using it to spy on all of their citizens who use IoT devices that run iOS or Android.

How’s it work?

Again, according to the report, the Pegasus software is able to capture and clone authentication tokens used for things like iCloud and then introduce a man-in-the-middle attack that allows it to pretend to be the device in question and download whatever the heck it wants.

Facebook, Instagram, your banking app, anything is open game to Pegasus.

Apple’s official response regarding Pegasus is pretty dismissive. In a statement to the Financial Times, the company acknowledged the existence of some very expensive tools that do some of the things Pegasus can do, but said that they’re not all that useful for widespread attacks.

Some background on NSO Group

NSO Group does have a pedigree when it comes to infiltrating trusted apps and service platforms. They were responsible for a WhatsApp hack earlier this year.


Amnesty International has released a collection of tools security professionals can use to find affected (or is it infected) devices. The first tool, a database of Pegasus-related information, can be found here on GitHub.

A second tool, called the Mobile Verification Toolkit (MVT), is also available on GitHub. The MVT gives security professionals a simplified means of acquiring and analyzing data from mobile devices, including iOS backups and filesystem dumps.


Carl Keyser is a Digital Marketing Specialist at Integris.
