What you need to know
- The maker of spyware that was used to target the phones of journalists, activists, and politicians has denied responsibility.
- It says that if customers misuse its products then they are to blame.
- It also says recent reports are part of a coordinated media campaign and are erroneous.
NSO Group, the company behind Pegasus, spyware that was allegedly used to target the phones of journalists, activists, and politicians, has said that its customers are to blame for the "misuse" of its products.
Earlier this week it was reported that Pegasus was being used to target thousands of devices. From our explainer:
According to the report authoritarian regimes had used Pegasus to target activists, diplomats, politicians, and more. At the time of the report the company said it had no access to the data of customer targets nor did it operate its own technology, simply licensing it "vetted government customers". The story was of particular note to iPhone users because it was installed on iPhones running iOS 14.6 using a zero-click exploit, which means it can be installed without any user input.
Now, the company has hit back strongly against criticism in wake of the report.
In comments made to the BBC NSO group said that there were issues with the story. Firstly the list of 50,000 potential targets was reportedly taken from an NSO Group server in Cyprus, but the company says it doesn't have any servers there. A spokesman said:
NSO Group also states that regardless, it can't be held responsible for the actions of its customers, reportedly telling the BBC "If I am the manufacturer of a car and now you take the car and you are driving drunken and you hit somebody, you do not go to the car manufacturer, you go to the driver. We are sending the system to governments, we get all the correct accreditation and do it all legally. You know, if a customer decides to misuse the system, he will not be a customer anymore. But all the allegations and all the finger-pointing should be at the customer."
The company has also posted a statement on its website titled Enough is Enough which states:
The company reiterated that "the list" was not a list of targets or potential targets, nor that the numbers in the list were related to NSO group. The company also says "any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false."
NSO group also said it would thoroughly investigate "any credible proof of misuse of its technologies", shutting down the system where necessary. For its part, Apple says it "unequivocally condemns cyberattacks". In a statement provided to iMore Apple's head of Security Engineering and Architecture Ivan Krstic said:
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9