US govt phones 'hacked with NSO spyware'

Christopher Bing and Joseph Menn, Reuters
NSO software is capable of capturing encrypted messages and turning phones into recording devices. Credit: AP

Apple iPhones of at least nine US State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.

The hacks, which took place in the last several months, hit US officials either based in Uganda or focused on matters concerning the east African country, two of the sources said.

The intrusions represent the widest known hacks of US officials through NSO technology.

NSO Group said in a statement on Thursday that it did not have any indication their tools were used but cancelled the relevant accounts and would investigate based on the Reuters inquiry.

"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," said an NSO spokesperson, who added that NSO will also "co-operate with any relevant government authority and present the full information we will have".

A US State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department's recent decision to place the Israeli company on an entity list, making it harder for US companies to do business with it.

NSO Group and another spyware firm were "added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Commerce Department said in an announcement last month.

NSO software is capable of not only capturing encrypted messages, photos and other sensitive information from infected phones but also turning them into recording devices to monitor surroundings, based on product manuals reviewed by Reuters.

Apple's alert to affected users did not name the creator of the spyware used in this hack.

The victims notified by Apple included US citizens and were easily identifiable as US government employees because they associated email addresses ending in state.gov with their Apple IDs, two of the people said.

They and other targets notified by Apple in multiple countries were infected through the same graphics processing vulnerability that Apple did not fix until September, the sources said.

Since at least February, this software flaw allowed some NSO customers to take control of iPhones simply by sending invisible yet tainted iMessage requests to the device, researchers who investigated the espionage campaign said.

The victims would not see or need to interact with a prompt for the hack to be successful.

Versions of NSO surveillance software, commonly known as Pegasus, could then be installed.

Apple's announcement that it would notify victims came on the same day it sued NSO Group last week, accusing it of helping numerous customers break into Apple's mobile software, iOS.

In a public response, NSO has said its technology helps stop terrorism and that it has installed controls to curb spying against innocent targets.

For example, NSO says its intrusion system cannot work on phones with US numbers beginning with the country code +1.

But in the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, without the US country code, two of the sources said.

A senior US administration official said the threat to the country's personnel abroad was one of the reasons the administration was cracking down on companies such as NSO and pursuing new global discussion about spying limits.

The official added that they have seen "systemic abuse" in multiple countries involving NSO's Pegasus spyware.

Historically, some of NSO Group's best-known clients included Saudi Arabia, the United Arab Emirates and Mexico.

The Israeli Ministry of Defence must approve export licences for NSO, which has close ties to Israel's defence and intelligence communities, to sell its technology internationally.
