Several people familiar with the breach said on Friday that the iPhones of 11 US Embassy employees working in Uganda were hacked using spyware created by Israel’s NSO Group, a surveillance firm that was blacklisted by the US barely a month ago after it said the technology had been used by foreign governments to repress dissent.
This is the first known instance of Pegasus spyware being used against American officials. Pegasus is an advanced surveillance system that can extract sound and video recordings, encrypted communications, photos, contacts, location data, and text messages from smartphones that have been remotely implanted.
There is no evidence that NSO hacked into the phones. However, it is being suggested that one of its clients, which are mostly foreign governments, did so on behalf of embassy employees.
The revelation is likely to escalate tensions with Israel over the United States’ recent crackdown on Israeli companies that produce surveillance software that has been used to track dissidents’ whereabouts, listen in on their conversations, and covertly download files that move through their phones. President Biden has invited dozens of countries, including Israel, to a summit next week at the White House, where he plans to make efforts to further crack down on the use of such software.
Hackers have previously targeted US diplomats, most notably Russians, who have repeatedly breached the State Department’s unclassified email systems. However, in this case, the software was created by a company that works closely with one of the United States’ most important allies — and a country that frequently collaborates with the National Security Agency on cyber operations, including against Iran.
NSO has long asserted that it hand-picks its clients and has turned down many. However, the US concluded last month that the company’s software and operations are incompatible with US foreign policy interests, and placed it on the Commerce Department’s “entities list”, which prevents it from receiving critical technologies.
NSO said in a statement that it would conduct an independent investigation into the allegations and cooperate with any government inquiry.
“We have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations,” the company said. “To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case.”
Reuters reported earlier on Friday that Apple had informed US Embassy employees in Uganda about the hack on Tuesday. According to a source familiar with the attack, the victims include a mix of foreign service officers and embassy employees who had linked their Apple IDs to their State Department email addresses.
“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” the notice from Apple said.
“These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously,” Apple said in the notice.