The NSO group, whose Pegasus spyware is used to hack iPhones and Android smartphones, has been officially named by the US government as a threat to national security.
The Commerce Department’s Bureau of Industry and Security (BIS) has added the Israeli company to the Entity List, which bans the company’s products from being imported, exported or passed from one organization to another within the US.
Background
Our NSO Guide explains the background to this.
NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.
In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.
NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted. A report by Amnesty International said that Pegasus was being used to mount zero-click attacks against human rights activists and other innocent targets.
NSO named as security risk for Pegasus spyware
The NSO Group is one of four foreign companies to be declared a threat to national security.
The Commerce Department’s Bureau of Industry and Security (BIS) has released a final rule adding four foreign companies to the Entity List for engaging in activities that are contrary to the national security or foreign policy interests of the United States. The four entities are located in Israel, Russia, and Singapore.
NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order […]
Today’s action is a part of the Biden-Harris Administration’s efforts to put human rights at the center of U.S. foreign policy, including by working to stem the proliferation of digital tools used for repression. This effort is aimed at improving citizens’ digital security, combatting cyber threats, and mitigating unlawful surveillance.
A New York Times journalist recently described the experience of his iPhone being hacked, with all signs pointing to Pegasus spyware having been used.
Photo: iFixit
Author: Ben Lovejoy
Source: 9TO5Google