Pegasus spyware scandal uncovered by fake image file on an iPhone
AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.
The scandal over NSO Group’s Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist’s iPhone, a report states, a discovery that prompted international outcry over privacy.
In July, it was reported that spyware known as Pegasus was used to hack smartphones, including iPhones, owned by journalists, activists, and others of interest to some governments around the world. While dozens of smartphones were found to be successfully hacked by the tool, an investigation at the time determined that more than 50,000 phone numbers were of interest to users of the tool.
The investigation led to further scrutiny of Pegasus, NSO Group, and governments who use the tool for surveillance purposes. However, the entire scandal only became known about due to a fake image file discovered earlier that year.
While Pegasus can be made to hide all traces of its existence on a target’s iPhone after offloading user data to its controller, a slip up resulted in a single fake image file being left on Saudi Arabia activist Loujain al-Hathloul’s iPhone, reports Reuters.
After her release from jail in February 2021 on charges of allegedly harming national security, al-Hathloul received an email from Google warning that state-sponsored hackers had attempted to attack her Gmail account. After worrying her iPhone had been attacked as well, she asked Citizen Lab to check the smartphone for any potential evidence.
Six months later, it was discovered that a fault in Pegasus meant it left a single malicious file on the device. The file was later determined to be direct evidence that Pegasus was produced by NSO Group.
“It was a game-changer,” said Citizen Lab researcher Bill Marczak. “We caught something that the company thought was uncatchable.”
The file was used to determine a blueprint for hacks using Pegasus, which enabled Apple to notify thousands of potential victims about the intrusion, sources familiar with the incident advised. It also aided Apple in releasing an update to fix vulnerabilities Pegasus used, and later to launch a lawsuit against NSO itself.