{
	"id": "9d024cf7-b753-4633-9053-197c7ae4f8fa",
	"created_at": "2026-04-06T00:22:26.06091Z",
	"updated_at": "2026-04-10T13:11:38.216842Z",
	"deleted_at": null,
	"sha1_hash": "e43d54bc87ec9291ab62e8954347f8673b3c0348",
	"title": "Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 74793,
	"plain_text": "Researchers: NSO Group’s Pegasus Spyware Should Spark Bans,\r\nApple Accountability\r\nBy Tara Seals\r\nPublished: 2021-07-20 · Archived: 2026-04-05 23:23:07 UTC\r\nOur roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report\r\nshowing widespread surveillance of dissidents, journalists and others.\r\nNews of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile\r\nspyware from NSO Group has drawn a variety of reactions from the security community, including concerns\r\nabout the security of Apple’s closed ecosystem, and varying views on NSO Group’s culpability for how Pegasus is\r\nused.\r\nSince its initial discovery by Lookout and Citizen Lab in 2016, Pegasus has continued to evolve, making it easier\r\nand easier to infect mobile devices, noted Aaron Cockerill, chief strategy officer at Lookout. In fact, this isn’t even\r\nthe first zero-click zero-day used by the surveillance solution.\r\n“It has advanced to the point of executing on the target’s mobile device without requiring any interaction by the\r\nuser, which means the operator only has to send the malware to the device,” he told Threatpost. “Considering the\r\nnumber of apps iOS and Android devices have with messaging functionality, this could be done through SMS,\r\nemail, social media, third-party messaging, gaming or dating apps.”\r\nThat’s a problem, he said, especially given that as a closed ecosystem, Apple’s code is not as available for review\r\nand bug hunting as it could be, he said (though Apple does have a bug-bounty program).\r\n“This means vulnerabilities may remain undiscovered by attackers for longer, but they may also not be so readily\r\ndiscovered and reported by security researchers and other responsible parties,” Cockerill said. “On top of ensuring\r\nthe security and integrity of its own software, Apple faces the additional challenge of doing the same for millions\r\nof apps developed by third parties and submitted to the App Store.”\r\nHe added, “Apple aims their statements about security and privacy at consumers. However, the majority of the\r\nindividuals targeted by the NSO group are not categorized as typical consumers and Apple needs to recognize that\r\nsecuring these individuals may require help from third parties.”\r\nOliver Tavakoli, CTO at Vectra, told Threatpost that Apple’s coding practices could be tighter, too.\r\n“It’s clear that the iOS iMessage service is a bit of a mess from a security perspective,” he said. “Apple has added\r\nmore and more functionality to it – and every piece of functionality comes with the potential for exploitable\r\nvulnerabilities.”\r\nhttps://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/\r\nPage 1 of 4\n\nAlso, the fact that iMessage does not distinguish how it handles inbound messages from known contacts vs.\r\nstrangers opens phones up to exploitation, he added: “Accepting and processing messages from anyone is the\r\nequivalent of running a network connected to the internet with no firewall,” Tavakoli said.\r\nResearchers should all pitch in to combat against surveillance misuse, according to Setu Kulkarni, vice president\r\nof strategy at NTT Application Security.\r\n“This provides a time for us to get behind Apple and others (including Google) as they up the ante against what\r\nwas originally intended to be ‘spyware’ for societal good,” he said. “For Apple and other manufactures, this is a\r\nmoment of reckoning to get further entrenched with the governments to create more checks and balances while\r\nthey make their platform more impenetrable for bad actors.”\r\nNSO Group: Misunderstood or Miscreant?\r\nAs for NSO Group, it maintains that Pegasus serves a legitimate function to help law enforcement and\r\ngovernment agencies track down terrorists and bad actors. Researchers speaking to Threatpost largely rejected the\r\nnotion that it doesn’t sell to repressive regimes for anti-democratic purposes, echoing the results of an analysis\r\nfrom Amnesty International and Citizen Lab making headlines this week.\r\nNot everyone Brian Higgins, security specialist at Comparitech, said that the NSO Group does “their best to\r\ncontrol its deployment contractually,” but noted that it’s hard for the firm to govern how government customers\r\nuse Pegasus.\r\n“There will always be consumers who will seek to re-purpose its functionality to their own ends,” he told\r\nThreatpost. “This story is still developing but it is already apparent that the numbers of potential victims quoted do\r\nnot accurately reflect the amount of malicious activity currently facilitated by this software. It is an unfortunate\r\nreality that talented developers can never totally understand the full spectrum of uses their ideas may fulfill in the\r\nfuture.”\r\nPaul Bischoff, a privacy advocate at Comparitech and Higgins’ colleague, takes a much harder line on the\r\nshadowy Israeli tech firm.\r\n“NSO Group has been suspected of selling its spyware to some of the world’s most oppressive governments and\r\nleaders,” he told Threatpost. “Amnesty International and Citizen Labs’ findings further support these suspicions.\r\nNSO Group is in effect a weapons dealer, and there’s very few restrictions on to whom it can sell its weapons.\r\nPegasus is used by governments and other authorities to commit crimes, notably against journalists and political\r\nopponents. There is no legitimate and legal use for Pegasus…We need to end the commercial market for malware\r\nby putting a moratorium on the sale of all hacking tools.”\r\nErich Kron, security awareness advocate at KnowBe4, has a similar opinion.\r\n“The issue of surveillance products can become a serious threat based on who the developer decides is worthy of\r\nits use,” he told Threatpost. “While the U.S. may feel justified using Pegasus, we may not agree on others that the\r\nNSO believes should be allowed the technology.  A troubling part of this is the potential targeting of government\r\nofficials, journalists and even religious leaders. Due to the potential for abuse and the ability to blatantly invade\r\nhttps://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/\r\nPage 2 of 4\n\nthe privacy of so many people while remaining clandestine in its actions, severe restrictions need to apply to its\r\nuse.”\r\nThe stakes are high and getting higher, though as of yet, governmental sources haven’t weighed in on the\r\nexistence of Pegasus or the bombshell report showing how widespread it is for use against dissidents and others.\r\n“NSO Groups’s tactics are yet another example of how tools and techniques that were once the sole purview of\r\nnation-states have made their way into the private sector,” Mark Bowling, vice president of security response\r\nservice at ExtraHop, told Threatpost. “Unlike ransomware syndicates like Darkside or REvil, NSO Group began\r\nas a legitimate operation selling commercial software. As this latest reporting makes clear, however, the tactics\r\nthey employ look a lot like nation-state espionage, and indeed, amount to the privatization of cyber-espionage at a\r\nscale not previously seen.”\r\nPegasus Mobile Surveillance Ban Unlikely\r\nA ban is much easier said than done, given that many governments want to be able to leverage smartphone spying\r\nfor their national-security purposes, according to Mike Fong, CEO and founder of Privoro.\r\n“As a result, stopping one company or trying to ban the commercial spyware industry is only a Band-Aid,” he told\r\nThreatpost. “Many companies do it and successful bans will simply drive development underground or force\r\ngovernments that aren’t already doing it themselves to develop programs to do so.”\r\nNTT’s Kulkarni said that while an outright ban is unlikely, lawmakers can nonetheless create consequences for\r\nmisuse of what he termed “such utilities.”\r\n“I hope this does not end up in a situation where the measures taken end up taking away an otherwise legitimate\r\ntool that law enforcement have to keep society safe,” he said. “Ultimately, for NSO Group, Apple and law\r\nagencies, the lesson is that with great power comes great responsibility. It is time to step it up and find a way\r\nforward where NSO Group, Apple and law agencies can further improve their collaboration rather than take a step\r\nback.”\r\nLittle Protection Against Spyware\r\nOne thing that researchers agree on is the rising threat of mobile attacks — and the fact there’s little than can be\r\ndone to combat zero-click threats that require no user interaction, other than applying patches as they’re rolled out.\r\n“In our modern, tech-surrounded world where we are closely connected to digital devices, it is no surprise that this\r\ntype of software exists for use by law enforcement or other entities,” KnowBe4’s Kron said. “We keep our contact\r\nlists, emails, text messages and other private digital correspondence in our front pockets and our trust and comfort\r\nlevel with them can make us oblivious to the risks involved in keeping this information secure. No longer do\r\npeople have to break into your home and into a safe to get sensitive data — they only need to send a malicious\r\nemail or convince you to download an infected application.”\r\n“The breadth and depth of phone capabilities and the extensive global supply chains create a huge attack surface,”\r\nFong added. “The incentive and value of hacking a smartphone is off the charts. People now carry a mic, camera\r\nand tracker with them all day long, on top of the data on the phone itself and the communication it enables.”\r\nhttps://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/\r\nPage 3 of 4\n\nHe added, “both of these facts equate to dim prospects for the phone ever being secure against sophisticated\r\nattackers. We need layered defense and special purpose protection designed from the ground up to fill a limited\r\npurpose: security and protection.”\r\nCheck out our free upcoming live and on-demand webinar events – unique, dynamic discussions with\r\ncybersecurity experts and the Threatpost community.\r\nSource: https://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/\r\nhttps://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/"
	],
	"report_names": [
		"167965"
	],
	"threat_actors": [],
	"ts_created_at": 1775434946,
	"ts_updated_at": 1775826698,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e43d54bc87ec9291ab62e8954347f8673b3c0348.pdf",
		"text": "https://archive.orkl.eu/e43d54bc87ec9291ab62e8954347f8673b3c0348.txt",
		"img": "https://archive.orkl.eu/e43d54bc87ec9291ab62e8954347f8673b3c0348.jpg"
	}
}