back to article NSO Group's Pegasus malware was used to spy on Dubai princess's lawyers during child custody dispute

Cherie Blair tipped off a Jordanian princess that the royal's estranged husband, the Sheikh of Dubai, had deployed NSO Group's Pegasus malware against her and her lawyers, a series of explosive High Court judgments [PDFs] have revealed. Set against a backdrop of kidnappings, espionage and a bitterly contested child custody …

  1. MJI Silver badge

    How about Android?

    How secure is it?

    1. Yet Another Anonymous coward Silver badge

      Re: How about Android?

      You just need to buy a Chinese Android phone that is banned from any connection to Google and its 3 letter friends - then you know it's only spied on by the Glorious People's Revolutionary Army of Peace and Prosperity for all Toiling Peasants

      (sorry my phone seems to do that when ever I try and write anything about The Great Leader )

      1. Fruit and Nutcase Silver badge

        Re: How about Android?

        What happens if you try typing Winnie the Pooh?

    2. DJV Silver badge

      Re: How about Android?

      Probably every bit as secure as Windows.

    3. Snake Silver badge

      Re: How about Android?

      The Amnesty International link in the story to the analysis doesn't paint a great picture:

      "In Amnesty International’s experience there are significantly more forensic traces accessible to investigators on Apple iOS devices than on stock Android devices, therefore our methodology is focused on the former. As a result, most recent cases of confirmed Pegasus infections have involved iPhones.

      While iOS devices provide at least some useful diagnostics, historical records are scarce and easily tampered with. Other devices provide little to no help conducting consensual forensics analysis. Although much can be done to improve the security posture of mobile devices and mitigate the risks of attacks such as those documented in this report, even more could be achieved by improving the ability for device owners and technical experts to perform regular checks of the system’s integrity.

      Therefore, Amnesty International strongly encourages device vendors to explore options to make their devices more auditable, without of course sacrificing any security and privacy protections already in place. Platform developers and phone manufacturers should regularly engage in conversations with civil society to better understand the challenges faced by HRDs, who are often under-represented in cybersecurity debates."

      So Android has less forensic traces accessible, and therefore makes exploits like this harder to diagnose.

      This needs to be addressed and fixed IMHO.

      1. Yet Another Anonymous coward Silver badge

        Re: How about Android?

        > As a result, most recent cases of confirmed Pegasus infections have involved iPhones.

        Could be a side-effect

        If your targets are high ranking / status / rich they are more likely to have an iPhone than a cheap Chinese Android.

        1. Snake Silver badge

          Re: How about Android?

          It is more of a status symbol thing with iPhone, if you wish to consider that comparison. There are plenty of high-end Android phones out there, no need to purchase a "cheap Chinese Android" phone if you wish, what with Samsung Folds, gold-plated diamond & ruby Samsung / Caviar S20's, etc available.

      2. Fazal Majid

        Re: How about Android?

        It's because NSO was sloppy in its attempts to cover its tracks from a couple of SQLite process accounting databases used by Apple to track network activity per app (so they can report to you network usage in the Cellular control panel, presumably), or did not vacuum the databases to expunge the deleted rows from the filesystem. I'm sure they've fixed that since once the Amnesty International and Citizen Lab methodology was published.

        https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

      3. chuBb. Silver badge

        Re: How about Android?

        Id argue apart from the valid observations of iphones being status symbols and additional telemetry db's on apple devices, that an android device is much easier to scrub clean and is much more widely understood OS vs iOS due to it being an inherently more open system.

        As for combating this sort of thing, given the suspicions of rouge cell towers (or just compromised cell towers its not like security is much better than on a street light) seems tricky without reinventing how urls work, only thing i can think of that might be effective is to effectivly ddos and destroy the signal to noise ratio of the gathered intel through mass infection of devices, but i dont know if an "im sparticus" retaliation would be effective or if it would just cause a lot of collateral damage...

    4. Ken Hagan Gold badge

      Re: How about Android?

      Both Android and iOS are insecure by design. The underlying OS may be securable but the end-user model is that the person holding the gadget van do anything they like. Since most end-users are clueless about IT security, this is about as secure as MS-DOS.

      The fix is an explicit distiction between being a user and being an admin. Both OSes could do this but have chosen not to.

      If MS want to play in the phone space, they should just release Normal Windows and point out that, firstly, a domain-joined phone could be managed by Group Policy, which might appeal to corporates, and secondly that even a stand-alone phone could be more secure for children simply by with-holding the admin password from them.

  2. Mishak

    NSO ... terminated its contract

    Does that mean:

    1) All intercepts are routed though NSO?

    2) The software is not active if there is no contract in place (some sort of remote license check)?

    3) ...

    Or can they just continue to use what they already have?

    1. yetanotheraoc Silver badge

      Re: NSO ... terminated its contract

      NSO undoubtedly is controlling both ends of the surveillance. So, the Sheikh deployed the software against his wife, but simultaneously deployed it against himself. The timing of the two tip-offs also suggest that NSO is well aware of any IP-sniffing countermeasures being employed against them.

  3. Anonymous Coward
    Anonymous Coward

    Is there a Chinese Wall

    between the two sides of the Blairs' double bed?

    1. Yet Another Anonymous coward Silver badge

      Re: Is there a Chinese Wall

      Or a 3rd way ?

    2. DJV Silver badge
      Windows

      Re: Is there a Chinese Wall

      Now I've read that, I need mind bleach....

    3. Fruit and Nutcase Silver badge
      1. Anonymous Coward
        Anonymous Coward

        Re: Is there a Chinese Wall

        One can only hope her replacement shags Murdoch to death.

        1. Fruit and Nutcase Silver badge
          Joke

          Re: Is there a Chinese Wall

          It would appear that Rupert's ticker is standing up to Death by snu snu at the hands Jerry Hall

  4. Yet Another Anonymous coward Silver badge

    Middle East peace envoy

    Arab leaders buying Israeli weapons is obviously a start to Blair's plan for peace and cooperation

  5. Anonymous Coward
    Anonymous Coward

    An autocratic ruler who is abusing a surveillance tool for their own gain?

    Next up: Rain gets you wet.

    1. brett_x

      Yes, rain gets you wet and trolls don't read articles.

      I found this article to be extremely interesting because it crossed over law, technology and yes, foreign rulers.

  6. Anonymous Coward
    Anonymous Coward

    Drama

    It's nice to know the scourge of the earth have more drama than the rest of us. I will sleep well tonight.

    1. MiguelC Silver badge

      Re: Drama

      while ignoring the victims in this story? to each one their own, I guess

  7. First Light Silver badge

    Horrifying

    The details here are much scarier than the bland summary by non-tech outlets. Especially the part where a security firm couldn't even find the stuff. How many layers of expertise do you need for that?

    I have several questions. How many people has Cherie Blair personally called about this software? Is it only royals that get that treatment? Activists and journalists have also been targeted, do they get a heads up from Mrs. B? Or just the wealthy and well-connected?

    And since it now turns out that the same Sheikh tried to buy property right next door to his ex (bear in mind his form in kidnapping his own kids) resulting in a restraining order, will the British and Irish racing fraternity give him the welly up the arse that he so plainly deserves?

  8. DS999 Silver badge

    A British firm found "no sign of surveillance"

    When there were "suspiciously named apps" installed? I can't imagine a supposed mobile forensics company being unable to recognize that and follow up on it. And since when does a root level exploit require "suspiciously named apps"? If your exploit lets you control the OS, why do you need other apps involved at all?

    Seems more likely that British firm has some type of relationship with NSO, at the very least as their customer, and didn't want to tip what they knew and hurt NSO's business by making that public in court (if for no other reason than the publicity would cause Apple to quickly fix those holes - as they in fact did - and ruin ongoing NSO's surveillance for all their other customers unless/until they were able to re-hack their phones with a fresh set of exploits)

    1. Androgynous Cupboard Silver badge

      Re: A British firm found "no sign of surveillance"

      Harsh. Pegasus is not your usual malware - there can't be many people on the planet who would have the expertise to dig into it. As stated their lawyers needed a UK firm - they probably found one in the phone book and gave them a call. Hats off to them for saying it's beyond their abilities rather than blustering.

  9. Anonymous Coward
    Anonymous Coward

    Serious article

    A very serious and informative article of surveillance and counter surveillance, unlike the versions that have made some news media outlets. Though I find it strange that someone in her position, with such a privileged life and powerful (ex)husband would spread their life over facebook and an i-phone just like the plebs amongst us. Frightening that it went as far as her own legal team and advisors, who were not necessarily even in her own country or administration. How did this malware get onto to so many phones which should have been subject to high levels of security in the first place?

    But without doubt, the most interesting bit was the fact that Dilbert was somehow involved...... "

    An internet search of PHB led to news stories "

    Yes, I bet it did.

  10. W.S.Gosset Silver badge

    Expert witness...

    > and, legally, had not been instructed as experts for the court proceedings.

    Meaning they were probably actually expert.

    "Expert Witness" is a rort. It's a job description in itself, a sub-industry of law not any actual technical field, populated by borderline retarded incompetents who've stumbled across the gravy train of legal proceedings and discovered they need merely speak very slowly and authoritatively, throw in some jargon, underline their boffinry by being vague and struggling to explain in simple English matters they pretend are recondite, and above all knowing the legal admin procedures for the case prep period.

    As a pungent example, you'll note the duly appointed expert witness, IntaForensics, declared there was nothing untoward about the phone in question. Then got the fuck out of there when they realised the jig was up.

    1. eldakka Silver badge
      FAIL

      RTFA

      > and, legally, had not been instructed as experts for the court proceedings.

      Meaning they were probably actually expert.

      RTFA!
      As the Court of Appeal noted, the company is based outside the UK's jurisdiction and therefore its views "would remain confidential to the father and would not be disclosed to the mother or the court."

      Put another way, Sygnia could have extracted more data for the sheikh to use against Princess Haya – or even tipped off NSO as to Marczak's precise attribution method, enabling the malware vendor to shut him out in future. Had Sheikh Al Maktoum formally instructed a UK-based expert witness, the underlying data would have been disclosed – but he didn't.

      1. W.S.Gosset Silver badge

        Re: RTFA

        No shit sherlock.

        RTFComment -- I took a term and expanded tangentially

  11. Anonymous Coward
    Anonymous Coward

    At least this case has been investigated

    There are plenty of other Pegasus-related cases which, even when discovered, have no active investigation or, even worse, the investigation body ends to be the same state who deployed it in the first case, like Spain with the Catalan regional government officials.

  12. Anonymous Coward
    Anonymous Coward

    That Amnesty International tool is also part of an iOS management product

    The not-so-fantastically-named MacOS app called iMazing has the Amnesty detection tools integrated. You first need to make a backup, and you can then tell it to run its analyser over it to pick up traces of this infection.

    Personally I think that could make for a good feature of the iOS backup process itself.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021