2021-07-22
Amnesty International Spyware Report
Amnesty International’s Security Lab “has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.” The Forensic Methodology Report also includes a forensic tool to detect the spyware’s presence on mobile devices.
Editor's Note
Great report by Amnesty and a must-read for anybody doing IR on mobile devices. Remember that the exploits used may be "high end" now, but they tend to trickle down the food chain. For the rest of us, the lesson to learn is that you absolutely need to keep your mobile devices up to date, and yes, a text message may be used to run arbitrary code on your device.

Johannes Ullrich
iPhones and Android phones have been harder targets to compromise than Windows PCs but this Pegasus use points out they are far from impenetrable. In the SANS 2021 New Threat and Attack report, SANS instructor Heather Mahalik points out many of the key issues and action steps. https://www.sans.org/webcasts/2021-report-top-attacks-threat-report-118445/

John Pescatore
While far from mass surveillance, and while most of the targets were political, some appeared to be targeted for mere celebrity. While such surveillance might not be illegal in all the countries engaged in it, it qualifies as abuse and misuse everywhere. Here it would require a warrant issued by a court based upon probable cause to believe a crime.
