An investigation by the Washington Post and other news organizations has revealed private Israeli spy software was used to hack dozens of smartphones belonging to reporters, human rights activists and corporate executives.
The Israeli spyware company NSO Group is said to have licensed the military-grade spyware. The investigation found that the hacked phones were on a list of over 50,000 numbers from countries known to spy on people.
Hidden Stories, a Paris-based journalism nonprofit organization, and Amnesty International, a human rights organization, shared the list of numbers with The Washington Post and other media organizations.
NSO Group's Pegasus hacking software - or spyware - is developed, marketed, and licensed to governments all around the world. It is capable of infecting billions of phones running the iOS or Android operating systems.
Experts identified the first version of Pegasus in 2016, which infected phones via spear-phishing - text messages or emails that deceive a target into clicking on a malicious link.
However, NSO's attack capabilities have progressed since then. Pegasus infections are possible using "zero-click" attacks, which do not require any interaction from the phone's owner to be successful.
These will often exploit "zero-day" vulnerabilities, which are faults or problems in an operating system that the maker of the mobile phone is unaware of and so unable to remedy.
In several statements, NSO Group denied the report's findings, claiming that the investigation comprises "uncorroborated theories" based on "misleading interpretation of leaked data from accessible and overt basic information."
Amnesty International's technical report, according to NSO lawyers, was "a compilation of speculative and baseless assumptions." They did not, however, dispute any of its specific findings or conclusions.
NSO Group also said that it would continue to investigate all credible allegations of misuse and take necessary measures.
