In attacking the iPhone of human rights defender Ahmed Mansour, the Emirati government reportedly bought a rare, zero-day, Israeli exploit of Apple’s iOS.
When a government seeks to rein in a political opponent by listening in on his calls, reading his text messages, and spying on his meetings, how do they go about doing so? In the case of the United Arab Emirates and pro-democracy activist Ahmed Mansoor, they sent him a short text message.
“New secrets about torture of Emiratis in state prisons,” the Aug. 10 and 11 SMS messages to Mansoor read. The texts included a link, and had Mansoor clicked it, his phone would have turned into a powerful surveillance tool for an entity that researchers believe is the Emirati government. #Pegasus, the software used against Mansoor, allows its operator to record phone calls and intercept text messages, including those made or sent on nominally encrypted apps such as Viber and WhatsApp. It can mine contact books and read emails. The software can also track its subject’s movements and even remotely turn on the phone’s camera and microphone.
It is unclear how much money the UAE purportedly paid to the shadowy Israeli firm that created Pegasus, the #NSO_Group, but Marczak said it was likely that the firm’s contract with the Gulf nation was in the range of $10 million to $15 million. The size of that contract, he added, would depend on how many targets the UAE would have hired NSO to surveil.
NSO reportedly sells its surveillance tools to governments around the world, and the UAE appears to be one of its biggest clients, judging by the company’s use of Emirati domains. Citizen Lab also documented the use of Pegasus in countries like Mexico, where it was used to target a Mexican journalist.
The Pegasus software utilized a chain of three zero days in Apple’s mobile operating system to turn iPhones into highly capable, multifunction surveillance tools.