"carefully contracted to only permit legitimate use"
I would love to have the transcript of the contract discussions with Putin.
NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states. The surveillance-ware maker's General Counsel Chaim Gelfand refused to answer specific questions about the company's customers during a European …
Of course you can get it - they bugged his phone so that they could work out the maximum price he was willing to pay to snoop on the terrorists in Ukraine... all you need to do is pay NSO enough and they'll share that info with you.
Of course, it might be a good idea to go back to using a feature phone after the deal.
icon: careful who you sup with --->
President Joe Biden's crackdown on NSO is to ensure it is sold to a US contractor, with ties to 3 letter agencies and being outside the US of A$$, they can spy on anybody, with immunity from such silly things as Amendment Rights and being based in Israel, have far more relaxed rules on spying on overseas targets.
@Tubz
"Amendment Rights and being based in Israel, have far more relaxed rules on spying on overseas targets."
The US doesn't have any rules on spying on overseas targets. We don't have any Amendment Rights, hell, I'm not even allowed to own assault rifles. The fuss over NSA spying was due to US citizens 'inadvertently' being caught up in mass surveillance of foreigners.
Different exploits for different use cases.
The NSA exploits leaked by Shadow Brokers were very useful to many people, and remain useful in many cases because lots of folks never update their systems. But they don't include zero-click APTs for current Android and iOS devices.
Pegasus really is very well-done malware, and then there are all the services provided by NSO Group once it's installed – you don't need your own penetration team to make use of it. You can buy similar capabilities from other top-shelf malware vendors, but there's nothing equivalent available for free.
-> to help law enforcement agencies prevent terrorist attacks and break up pedophile crime rings.
But in reality:
-> spying on journalists, activists, everyday citizens, elected officials, and their political opponents.
Remember that the next time you hear some stupid politician in the UK or anywhere else say "it's for the children", for they are lying baskets.
The vulnerabilities exploited by Pegasus are more than adequately explained by normal programming errors. Given the state of software development, there's no need to go to the expense and risk of planting agents within the organizations doing the development. Those resources can be put to better use elsewhere.
Why don't the hacker groups band together and release a Pegasus hunting APP we can all test our phone with?
Or more to the point, why are Google / Apple not digging down and protecting their SW?
I'd hate to think that collusion was going on at a corporate and 3 letter agency level!
Your first suggestion fails in its first clause. Hacker groups won't band together, they (understandably) don't like or trust one another.
Apple has tried to close the exploits known to be used by Pegasus, but there are always more. I assume Google makes some similar efforts, but it's practically impossible to secure a platform whose user can install apps from anywhere.
Yes, there are a number of commentators here who seem to believe Pegasus is a static malware package that uses a single exploit each for Android and iOS. It's not. It's an evolving software product, just like other ISVs produce, and it makes use of multiple exploits that change over time.
As with all software security, this is a game of whack-a-mole.
I'd like to know how many good people (journalists, human rights advocates) were murdered by these governments due to this software enabling the corrupt governments to hunt down those that would expose them.
If any software has earned this name, it is Pegasus: 'Murderware'
When their spyware ended up on the phones of multiple prime ministers?
Obviously they aren't even trying to police their customers' deployments. I mean, if they cared how it was used it wouldn't be THAT hard for them to keep tabs on the phone numbers of phones upon which their spyware was installed, and check it against a list of the phone numbers of western leaders to see if anyone is "misusing" it in a way NSO's marketing department doesn't approve of.
Because in reality the terrorism thing is just an excuse, they know it will be used by supposedly free countries to spy on leaders of other supposedly free countries, or business leaders in another country (i.e. maybe the UK would want to bug the Softbank CEO's phone to know his plans for ARM in advance) or to track "undesirables" like the Catalan spying.
Up to a point, Lord Copper.
The supposedly free country of the USA bugged the phones of prime ministers and leaders of allied countries, and everyone gave them a free pass on the venerable grounds that everybody does it and the delightful Mr. Obama was a beacon of Hope.
However, anyone listening to the gibberish the chucklehead Boris burbles is not going to get much of value, and the listeners will be entitled to tedium money.
Certainly no one who's paying any attention believes NSO Group are the only smartphone-APT vendors. Others such as Cytrox and Candiru have been exposed; some of them operate in the open. NSO have just become the most notorious thanks to a series of (unfortunate, for them) high-profile cases and the Pegasus Project exposé.
They're bad actors, and I'm happy to see them squirm; I'd be happier yet if they were shut down. But they're far from the only ones.
Yup....the spooks can still track the meta-data.....who the feature phone is used to call......who calls that feature phone.......
.....but if it's a "pay-as-you-go" 2G feature phone with no registered user (i.e. a burner) then the spooks (and NSO) are clean out of luck!!
So......use your so-called "smart phone".................and let NSO and their clients know everything about your life..............and the life of all your friends too........
Advanced technology.......................don't you just love it!!!!!!
Well, not really, because the total number of targets is only in the tens of thousands. I assume the company knows this because it charges on a per-install basis.
I doubt if I'm in any government's list of top 0.01% most interesting people to spy on.
Umm, you are kind of both wrong, kind of.
If you buy your burner from a supermarket then they will have CCTV footage of you up to a year later - so plan ahead.
I clicked on to UK surveillance before Snowden, realising I'd been a target. I warned a famous (in our circles) anarchist that he was being targeted. "Don't be paranoid, why would MI5 waste time monitoring me?" "I dunno." A few months later his best mate was exposed as a police infiltrator.
To paraphrase John Donne, you can wonder why the bell is tolling for you but it is tolling for you.
"Gelfand refused to answer if his company sold spyware, or had revoked licenses, to countries including Saudi Arabia, the United Arab Emirates, Hungary, and Poland while he was questioned for two and a half hours by Euro lawmakers."
How can the EU complain about which countries NSO sells spyware to when they are happy to sell the same countries arms?
Take Saudi Arabia, the EU are happy to allow the sale of Eurofighter Typhoons and Panavia Tornados to Saudi Arabia after airstrikes on civilians in Yemen.
The US is no better; they allow the sale of the F-15E Strike Eagle to Saudi Arabia.
So supplying spyware is a no-no, but strike aircraft is OK!