News has broken this week that Pegasus Spyware has been used to hack into the phones of 35 journalists and human rights advocates in El Salvador. In December Apple notified the U.S. government that U.S. diplomats' phones had been hacked in Uganda using the same state-sponsored product. Evidence of Pegasus breaches has also been discovered on the phones of the closest associates of Jamal Khashoggi, the Saudi journalist who was murdered in 2018 in the Saudi consulate in Istanbul. The spyware is produced by NSO Group, a company based in Israel that sells Pegasus to governments for the purposes of eavesdropping on and tracking the movements of targets of the countries' choosing. The Israeli government controls which governments buy the product. Once installed on a device (the installation is done remotely and without the knowledge of the target), Pegasus allows hackers to observe everything related to that device, including emails, contact lists, social media, voicemails, and the phone's location. Pegasus also allows hackers to turn on the device's camera and microphone. This technology is particularly alarming because even device users who take reasonable security precautions can be affected without ever knowing. NSO alleges that its spyware is to be used only against terrorists and criminals, but as we well know these terms are used regularly by authoritarian regimes to describe journalists, opposition figures, and human rights advocates.
"Pegasus Spyware Used in 'Jaw-Dropping' Phone Hacks on El Salvador Journalists" - The Guardian
The 9-minute video embedded in this article from The Washington Post provides an excellent explanation of Pegasus.
"Pegasus Spyware Used to Hack U.S. Diplomats Working Abroad" - The Washington Post
An international investigation into Pegasus yielded a comprehensive report, which follows:
"Takeaways from The Pegasus Project" - The Washington Post
"Apple Sues NSO Group to Curb the Abuse of State-Sponsored Spyware" - apple.com