The Spanish prime minister’s iPhone was infected by NSO’s Pegasus spyware, says the government. Defense Minister Margarita Robles’ phone was also hit. This is just the latest in a slew of high-profile Pegasus attacks revealed within the last few weeks.
While it is foreign governments who would most want to target phones belonging to most prime ministers, there’s another obvious suspect in the case of Spain …
We’ve recently outlined the key things you need to know about Pegasus.
NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is capable of mounting zero-click exploits – where no user interaction is required by the target.
In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – could allow an iPhone to be compromised, with most personal data exposed.
Apple patches vulnerabilities as they come to light, while NSO purchases details of new ones. The Cupertino company now also proactively looks for signs that iPhones have been compromised by Pegasus, and sends an alert to victims.
Recent Pegasus attacks
The frequency of high-profile Pegasus attacks coming to light appears to be increasing – likely due to Apple alerting victims. Within just the past few weeks:
- Pegasus hacked the iPhone of award-winning journalist, weeks after Apple’s injunction attempt
- Pegasus spyware hacked iPhones of senior EU officials, who were alerted by Apple
- Pegasus targeted US iPhones indirectly; device infected in British prime minister’s office; Catalans targeted in Spain
Spanish prime minister’s iPhone infected
Reuters reports on the latest revelation.
Spanish authorities have detected “Pegasus” spyware in the mobile phones of Prime Minister Pedro Sanchez [left, above] and Defence Minister Margarita Robles, the government minister for the presidency, Felix Bolanos, said on Monday.
The fact that a number of these reports are coming to light some time after they occurred may indicate that Apple has the ability to retrospectively detect not just that an iPhone is infected with Pegasus, but also when that infection occurred.
Bolanos told a news conference Sanchez’s phone was infected in May 2021 and at least one data leak occurred then.
Generally, foreign governments would be the prime suspects, but in this case there is another obvious possibility. There has been a long-running battle between the Spanish government and the semi-autonomous community of Catalonia.
Catalonia held an independence referendum in 2017, with a 92.01% vote in favor. However, the Spanish government declared the referendum unconstitutional, and international observers said that it was invalid as many of those opposed to independence didn’t vote due to Spain’s political parties declaring the referendum illegal.
Tensions were further increased last month when it was revealed that the phones of at least 63 high-profile Catalans were attacked by Pegasus, the Spanish government being the obvious suspect. A counter-attack by Catalonia would be a natural conclusion in this case.
The semi-autonomous status of the Catalan governing body makes it unclear whether it would qualify to purchase Pegasus, as NSO claims that sales are limited to government law enforcement agencies. However, the sketchy nature of the company’s business means that limited weight would be given to anything it says.
One thing’s for sure: the relationship between the Spanish government and Catalonia is not exactly likely to improve any time soon.
Author: Ben Lovejoy