US lawmakers demand answers from Apple and the FBI about the agency’s alleged use of Pegasus spyware
You may have heard about the spyware tool called Pegasus, which made the headlines last year. It now seems that a couple of US lawmakers are demanding answers from Apple and the FBI because the law enforcement agency has acquired Pegasus spyware for iPhone for testing, reports AppleInsider.
Lawmakers in the US demanding answers from Apple and the FBI on Pegasus spyware
Pegasus is a spyware tool made by Israeli company NSO Group. It seems that the FBI has reportedly acquired it and tested it before it has decided against it. Additionally, the agency also allegedly tested Phantom, a similar spyware tool, in the same way as the Pegasus tool. Now, a pair of lawmakers in the US House are asking for some answers about the situation. The letters were signed by Rep. Jim Jordan, who is a ranking member of the House Judiciary Committee, and Rep. Mike Johnson, a ranking member of the subcommittee on civil rights.
The letters were seeking information on “the FBI’s acquisition, testing, and use of NSO’s spyware.”, which indicated that the FBI has acquired NSO-developed spyware tools like Pegasus and Phantom.
For those of you who don’t know, Pegasus is a spyware tool that lets someone hack into an iPhone and get access to important information on the device. First, we have heard about the Pegasus hack when news about it being used to target iPhones of journalists and activists in Saudi Arabia surfaced.
On the other hand, Phantom is a similar tool, but it allows users to target US cellular devices, something that Pegasus cannot do.
The letter was sent to FBI Director Christopher Wray. The two lawmakers claim that the report that the FBI purchased NSO Group-made tools is deeply troubling, and additionally, the two lawmakers state that those tools “present significant risks to the civil liberties of U.S. persons.”
Additionally, Jordan and Johnson also sent a letter to Apple. In this letter, the two reportedly ask CEO Tim Cook to provide information about the company’s ability to detect if iPhones have been compromised by such tools made by NSO.
What is the Pegasus spyware, zero-day vulnerability, and could you fix it?
Back in August of last year, a report by the Washington Post and 16 media partners have made the startling discovery that the phones of 37 journalists and human rights activists had been either attempted to or successfully hacked by an Israeli surveillance firm. The firm was the NSO. The Pegasus spyware was able to read text messages, track calls, collect passwords, track location, access the victim’s microphone and camera, and get information from apps installed on the hacked device.
A zero-day vulnerability is basically a very major vulnerability that’s known to hackers but unknown to the developers. That’s where the name zero-day comes from, as in the developer get zero days to fix the issue and release a patch. The zero-day vulnerability can become a zero-day attack when a malicious user directly exploits the vulnerability and the developer has no way of preventing it.
The zero-day vulnerability has to be fixed by the developer. What you can do is, if you have one of the older iPhones or iPads listed here above, make sure to download and install iOS version 12.5.5. For the newer phones that are already on iOS 15, the zero-day vulnerability has been patched. If you haven’t been updating your phone or iPad, well, you need to be at least at iOS version 14.8 and iPadOS 14.8 to feel secure from Pegasus.
If you want to get more technical about how it works, you can read Google’s Project Zero analysis of the Pegasus tool released in December.
On the other hand, Apple has also filed a lawsuit against NSO, in which it demands compensatory damages, as well as punitive damages, and the sum total could very well spell the end of NSO’s existence.