NSO’s Pegasus iPhone hack is one of the most significant tech controversies of the year. Several reports in the past few months revealed an incredibly sophisticated iPhone hacking campaign. Pegasus allowed nation-state actors to spy on specific targets through their iPhones using a zero-day attack. The victim didn’t even have to click a link in a message to install the Pegasus spyware program for the hack to work. Nor would they know that the iPhone was sending personal data to unknown attackers. In light of these iPhone security reports, Apple patched the exploit.
But Apple did not stop at merely fixing the vulnerability. Apple sued the Israeli company behind the spyware earlier this week. Apple then quickly moved to inform victims of the attack. As a result, the company indirectly revealed the kind of targets the Pegasus hackers went after.
Don’t worry about hackers having spied on your iPhone before Apple patched the exploit. You’re probably fine. This won’t affect most iPhone users.
The hackers who employed the Pegasus hack went after specific targets, such as activists, politicians, lawmakers, and journalists. That’s why the US government placed Pegasus on the entity list, effectively banning the NSO Group from working with any US tech company. Apple alerting to victims helps us better understand the scope and focus of the Pegasus hack.
Pegasus iPhone hack targets in Thailand
According to Reuters, Apple issued alert messages on Wednesday to at least six Thai activists and researchers. These individuals have been critical of Thailand’s government in the past.
For example, one of the people who received notifications from Apple on the Pegasus hack is Prajak Kongkirati. A political scientist from Bangkok’s Thammasat University, Kongkirati received two emails from Apple. The company informed him that it believes the hackers targeted his iPhone and iCloud accounts.
Moreover, five other iPhone users in Thailand received Apple’s Pegasus alert. The list includes a researcher, two other activists, a rapper, and a politician.
The Pegasus warning informs the potential victims of what might happen if state-sponsored attackers compromise their iPhones. The hackers “may be able to remotely access your sensitive data, communications, or even the camera and microphone.”
The prominent target in Poland
Separately, Polish-language ThinkApple reported that Apple notified a Polish prosecutor that her iPhone might have been infected with Pegasus.
Ewa Wrzosek might have been targeted after investigating a failed presidential election where money was spent on a postal vote that didn’t take place. The report notes that Wrzosek’s supervisors ultimately took the prosecutor off the case. Furthermore, disciplinary proceedings started against her.
Właśnie otrzymałam alert @AppleSupport o możliwym cyberataku na mój telefon ze strony służb państwowych. Ze wskazaniem, że mogę być celem ataku ze względu na to co robię lub kim jestem.
Ostrzeżenie potraktuję poważnie bo poprzedziły je inne incydenty@ZiobroPL czy to przypadek? pic.twitter.com/QWnctRMCof— e-wrzosek #FBPE🇪🇺🇵🇱🏳️🌈#FundamentalRights (@e_wrzosek) November 24, 2021
The prosecutor announced on Twitter that she received Pegasus alerts from Apple. Here’s what the tweet above says, complete with a mention of Poland’s Minister of Justice:
I just got an alert from @AppleSupport about a possible cyber attack on my phone by state services. With the indication that I may be targeted for what I am doing or who I am. I will take the warning seriously because it was preceded by other incidents. @ZiobroPL is it a coincidence?
Apple warnings to iPhone targets in other countries
The same Reuters report also indicates that Apple issued similar warnings to iPhone users in Ghana, Uganda, and El Salvador. Hackers used Pegasus to potentially install spyware on iPhones belonging to two political activists in Ghana, a politician in Uganda, and a dozen journalists in El Salvador.
Apple isn’t announcing the names of the individuals subject to the Pegasus hacks. But some of these iPhone owners are coming forward on their own to confirm the spying campaigns.
If you haven’t received a message from Apple that looks like the one in the tweet above, it means you were not a target of nation-state actors who purchased the NSO software. If you did, you’d want to install the latest iOS version on your iPhone immediately. You might want to switch to an entirely new phone. Here’s an account of what a New York Times reporter did after discovering the Pegasus hack on his iPhone.