Thousands of iPhones potentially compromised with spyware, group claims

The iPhone 12 series are sold in an Apple store. With the price lowered several times, the iPhone 12 series make a booming sales in China. (Photo by Zhang Peng/LightRocket via Getty Images)

Thousands of iPhones across the world may have been compromised with spyware, according to an investigation by 17 media organizations in 10 countries and Amnesty International, a U.K.-based non-governmental organization. 

Amnesty International and Forbidden Stories, a Paris-based non-profit organization, said NSO, an Israeli-based surveillance company, used Pegasus zero-click attacks to install spyware on the iPhones of journalists, lawyers and human rights activists around the world. 

The two groups accessed a leaked list of 50,000 potential targets, although they said it is unclear how many smartphones were successfully hacked. They include 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state, according to The Washington Post, a consortium member. The journalists work for organizations including The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.

Amnesty also reported that its forensic researchers had determined that NSO Group’s flagship Pegasus spyware was successfully installed on the phone of Post journalist Jamal Khashoggi’s fiancee, Hatice Cengiz, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The company had previously been implicated in other spying on Khashoggi.

RELATED: Kaseya ransomware attack impacting companies around the world

"Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO’s spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised," Amnesty Tech Deputy Director Danna Ingleton said Monday. 

"NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers' targets," NSO officials said in a statement to multiple news outlets. "NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers."

RELATED: Amazon Sidewalk: Police issue warning about feature that shares portion of your internet bandwidth

"Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as identity of customers of which we have shut down systems," the statement continued.

"Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place," the company said in a statement to FOX Television Stations. "For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market."

"We continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," the company added.

The United Nations' human rights chief voiced alarm Monday.

"Revelations regarding the apparent widespread use of the Pegasus software to spy on journalists, human rights defenders, politicians and others in a variety of countries are extremely alarming, and seem to confirm some of the worst fears about the potential misuse of surveillance technology to illegally undermine people’s human rights," U.N. High Commissioner for Human Rights Michelle Bachelet said in a statement released in Geneva.

The Associated Press contributed to this report. This story was reported from Los Angeles.