Pegasus: The Spyware That Governments Buy to Read Your Mind

Sep 25, 2024 | 15 min | digital forensic
Pegasus spyware reaching into a smartphone to read private thoughts

How a commercial Israeli surveillance product became the preferred weapon of states against their own citizens, and what the technical reality of “protection” actually looks like

In the years I spent as a court-appointed expert, I observed many things about the relationship between the state and surveillance technology that are not discussed in parliamentary committees or press releases. I observed vehicles whose interior lighting concealed cameras so small and so precisely positioned that the occupants had no reason to look for them and no means of detecting them without specialized equipment. I observed evidence of audio collection from private residences that was so methodologically clean, in the forensic sense, that determining the point of installation after the fact was essentially impossible. And I observed, repeatedly, the gap between what surveillance law permits and what surveillance practice produces, a gap that has never been closed by legislation because the legislation is almost always written after the capability already exists and has already been used. What I know about Pegasus, therefore, I know not as a distant observer of the cybersecurity literature, but as someone who has spent a professional lifetime watching what happens when technical capability outpaces legal accountability and public awareness by several years.

Pegasus is not malware in the conventional sense. It is not the product of criminal hackers or a hostile foreign intelligence service looking for financial credentials or ransomware leverage. It is a commercial product, developed by the Israeli company NSO Group, sold exclusively to governments, priced in the millions of dollars per deployment, and exported under a license system controlled by the Israeli Ministry of Defense. NSO Group describes its client base as approximately 60 intelligence, military, and law enforcement agencies in roughly 40 countries. It markets the product as a tool for combating terrorism and serious organized crime. What the forensic evidence accumulated by independent researchers between 2016 and 2024 demonstrates is that the product has been used, repeatedly and systematically, against journalists, human rights activists, lawyers, opposition politicians, and their immediate family members, across multiple continents, including in European Union member states.

Modern smartphone (iPhone-class) on dark surface, monochrome editorial photograph illustrating that current devices remain exposed to advanced implant spyware.
Even newer iPhones are not protected.

What Zero-Click Actually Means

The term zero-click appears frequently in coverage of Pegasus and is almost always underexplained. In conventional digital attacks, the target must be induced to do something: click a link, open an attachment, install software, respond to a phishing message. The attacker’s probability of success depends significantly on the target’s digital literacy and behavioral caution. Zero-click exploits remove this dependency entirely. The target does nothing. The attack succeeds simply because the device received a message.

The mechanism behind this capability requires explanation that goes beyond “it exploits a vulnerability,” because the sophistication of the engineering involved has no parallel in publicly known commercial software. When Citizen Lab, the cybersecurity research group at the University of Toronto’s Munk School of Global Affairs, captured a live Pegasus zero-click exploit in 2021 and shared it with Apple and Google’s Project Zero team, the Project Zero engineers described it as “one of the most technically sophisticated exploits we have ever seen” (Marczak et al., 2021, FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild, Citizen Lab Research Report No. 143, University of Toronto). This exploit, which Citizen Lab named FORCEDENTRY, worked by smuggling a maliciously constructed PDF file inside an iMessage attachment disguised as a GIF image. The file exploited an integer overflow vulnerability in Apple’s CoreGraphics image rendering library, specifically in the JBIG2 image compression decoder, a format so obscure that its use as an attack vector required a level of engineering investment that Project Zero estimated was comparable to the capabilities of major nation-state intelligence agencies. Using approximately 70,000 segment commands within the JBIG2 data, the exploit assembled a functioning logic circuit inside the device’s memory before any of Apple’s sandboxing protections could engage. FORCEDENTRY was effective against iOS, macOS, and watchOS devices and was patched by Apple in iOS 14.8 in September 2021.

In September 2023, Citizen Lab captured another active zero-click exploit in use against the device of a civil society employee in Washington, DC. This exploit, named BLASTPASS, was capable of compromising iPhones running iOS 16.6, which was the most current version at that time, without any interaction from the victim. The attack delivered malicious images embedded in PassKit attachments, the file format used by Apple Wallet, sent via iMessage from attacker-controlled accounts. Apple patched the underlying vulnerabilities, CVE-2023-41064 and CVE-2023-41061, in iOS 16.6.1, released on September 7, 2023, one week after Citizen Lab disclosed the findings to Apple (Citizen Lab, 2023, BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild, citizenlab.ca).

The pattern here is not incidental. Across 8 years of documented Pegasus operation, NSO Group has systematically identified and purchased zero-day vulnerabilities, meaning vulnerabilities previously unknown to the software manufacturer, in the most widely used smartphone software in the world. When one exploit is patched, new ones replace it. This is not opportunistic criminal hacking. It is a product development and maintenance operation, sustained by the revenue of government subscriptions.

50,000 Phone Numbers and the Journalists Who Were on the List

In July 2021, the Pegasus Project, a consortium of 17 media organizations coordinated by the Paris-based nonprofit Forbidden Stories and supported by forensic analysis from Amnesty International’s Security Lab, began publishing the results of an investigation into a leaked dataset of more than 50,000 phone numbers that had been identified as targets of interest by NSO Group’s clients since approximately 2016 (Amnesty International, 2021, Massive Data Leak Reveals Israeli NSO Group’s Spyware Used to Target Activists, Journalists, and Political Leaders Globally, amnesty.org). The media partners included the Washington Post, the Guardian, Le Monde, Süddeutsche Zeitung, Die Zeit, and more than a dozen other major international publications. The forensic analysis was conducted by Amnesty’s Security Lab and independently peer-reviewed by Citizen Lab, which confirmed the methodology.

The dataset contained the numbers of cabinet ministers and heads of state from multiple countries, including, the investigation found, the head of government of a NATO member state. It contained the numbers of at least 180 journalists in 20 countries, including staff members of the Associated Press, CNN, the New York Times, and Reuters. Among those confirmed by forensic examination of device logs to have been actively infected with Pegasus, rather than merely targeted, was a journalist from The Wire in India whose phone showed evidence of infection as recently as June 2021. The investigation identified at least 10 country clusters among the operators whose client numbers appeared most prominently in the data, including Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates, all of which Citizen Lab had independently identified as past or current NSO Group clients (Washington Post, July 18, 2021, Private Israeli Spyware Used to Hack Cellphones of Journalists, Activists Worldwide).

The Jamal Khashoggi case provides the most extreme illustration of what Pegasus in the hands of a repressive government can mean. Khashoggi, the Saudi journalist and Washington Post columnist, was murdered inside the Saudi consulate in Istanbul in October 2018 by agents of the Saudi government. Forensic analysis of devices belonging to members of his immediate circle, people in direct contact with him in the period immediately before his death, revealed evidence of Pegasus infection. NSO Group denied that its technology had any connection to the murder. The technical record, reviewed by independent forensic experts, does not support this denial in any meaningful sense. Whether the intelligence derived from Pegasus surveillance directly facilitated the operation that killed Khashoggi cannot be established with certainty from the available evidence. That his associates were surveilled using NSO’s product in the relevant period is established.

The Business Model

NSO Group is not a rogue operation. It operates with an export license issued by the Israeli government, meaning every sale must be approved by the Israeli Ministry of Defense. The company has repeatedly stated that it sells only to vetted government agencies and that it cannot access or review the intelligence collected through its product once deployed to a client. This claim is technically plausible as a design principle and practically implausible as a statement of operational ignorance: a company that maintains and updates the exploit infrastructure required to sustain zero-click capabilities across multiple iOS generations is operationally embedded in its clients’ surveillance infrastructure in ways that a purely transactional relationship would not require.

In November 2021, the United States Department of Commerce added NSO Group to its Entity List, effectively blacklisting the company from using American technology or infrastructure, on the basis that the company had “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers” (US Department of Commerce, Bureau of Industry and Security, November 2021). In the same month, Apple Inc. filed a lawsuit against NSO Group and its parent company in a federal court in California, seeking a permanent injunction against NSO’s use of Apple products and infrastructure. WhatsApp had filed a comparable suit against NSO Group in October 2019, alleging that NSO had exploited a zero-click vulnerability in the WhatsApp calling function to target approximately 1,400 devices in a 2-week window (CVE-2019-3568).

In Germany, the picture is further complicated by the domestic dimension. In October 2021, reporting by multiple outlets confirmed that the Bundesnachrichtendienst, Germany’s foreign intelligence service, had purchased a modified version of Pegasus for use in its operations abroad. The Bundestag’s Parliamentary Control Panel had not been informed of this acquisition, a violation of the oversight framework that governs the BND’s technical capabilities. The domestic intelligence service, the BfV, separately maintained a Pegasus license for internal use. What was described officially as a strictly controlled, legally compliant deployment of a surveillance tool thus turned out, upon closer examination, to involve an intelligence service that had purchased a product whose civilian abuse by its other government clients had already been extensively documented by the time the purchase was made.

What Apple’s Lockdown Mode Is, and What It Is Not

In September 2022, Apple introduced Lockdown Mode as part of iOS 16, a hardened operating state that significantly restricts the device’s attack surface by disabling a range of features that have historically served as vectors for sophisticated attacks. In Lockdown Mode, most message attachment types in iMessage are blocked, link previews are disabled, FaceTime calls from unknown numbers are rejected, wired connections to computers are blocked when the device is locked, and configuration profiles cannot be installed. The trade-off is a substantially reduced functional envelope: certain apps stop working normally, shared albums in Photos become inaccessible, and some web technologies are disabled.

Citizen Lab’s analysis of the PWNYOURHOME exploit chain used by Pegasus in 2022 found that devices running iOS 16 with Lockdown Mode enabled received real-time warnings when PWNYOURHOME was attempted against them, and that the research team observed no successful compromise of any device on which Lockdown Mode was active (Marczak et al., 2023, Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains, Citizen Lab, University of Toronto). This is the clearest evidence available that Lockdown Mode provides meaningful protection against at least some active Pegasus exploit chains. It is not evidence that Lockdown Mode is a complete solution or that NSO Group has not since developed workarounds. The company’s technical resources and the predictable cat-and-mouse dynamic of the exploit market make the assumption of a permanent countermeasure unrealistic.

Amnesty International’s Security Lab has released and maintained the Mobile Verification Toolkit, or MVT, an open-source tool for forensically examining iOS and Android devices for indicators of Pegasus infection. MVT is the tool used in the major documented Pegasus investigations. It requires a technical level of operation that most individuals do not have, but it represents the most methodologically rigorous publicly available means of determining whether a device has been compromised. Its regular use, combined with the indicator-of-compromise databases maintained by Citizen Lab and Amnesty, is the closest thing to a systematic detection capability currently available outside commercial forensic laboratory environments (Amnesty International Security Lab, 2021, Mobile Verification Toolkit, github.com/mvt-project/mvt).
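To make the indicator-matching step concrete, here is an added example (not MVT’s own code and not from the original article) that parses a constructed STIX2-style indicator bundle of the kind MVT consumes and checks constructed backup-derived records against it. The domain and process names are placeholders, not real Pegasus indicators, and the record shapes are assumptions.

```python
import json
import re

# Constructed STIX2-style bundle in the shape MVT consumes: each indicator
# carries a single comparison pattern. All values here are placeholders,
# not real Pegasus indicators.
SAMPLE_STIX = json.dumps({
    "type": "bundle",
    "id": "bundle--constructed-example",
    "objects": [
        {"type": "indicator", "pattern": "[domain-name:value = 'placeholder-c2.example']"},
        {"type": "indicator", "pattern": "[domain-name:value = 'updates.example']"},
        {"type": "indicator", "pattern": "[process:name = 'placeholderproc']"},
        {"type": "malware", "name": "placeholder-family"},  # not an indicator, ignored
    ],
})

# Matches one simple STIX comparison: [object-type:property = 'value']
PATTERN_RE = re.compile(r"\[(?P<otype>[\w-]+):(?P<prop>[\w.]+)\s*=\s*'(?P<value>[^']*)'\]")


def load_indicators(stix_json):
    """Group indicator values by STIX object type, lower-cased for matching."""
    iocs = {}
    for obj in json.loads(stix_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj.get("pattern", "").strip())
        if m is None:
            continue  # compound or unsupported patterns are skipped, not guessed at
        iocs.setdefault(m["otype"], set()).add(m["value"].lower())
    return iocs


def domain_matches(domain, ioc_domains):
    """Exact match or subdomain of a listed domain (host.c2.example hits c2.example)."""
    d = domain.lower().rstrip(".")
    return any(d == ioc or d.endswith("." + ioc) for ioc in ioc_domains)


# Constructed records (assumed shape) resembling per-process network usage
# and DNS entries that a backup or sysdiagnose examination might yield.
SAMPLE_DATAUSAGE = [
    {"timestamp": "2021-06-10T01:02:03Z", "proc_name": "mediaserverd", "wifi_in": 1024},
    {"timestamp": "2021-06-10T01:05:00Z", "proc_name": "placeholderproc", "wifi_in": 52000},
]
SAMPLE_DNS = [
    {"timestamp": "2021-06-10T01:04:58Z", "domain": "gateway.icloud.example"},
    {"timestamp": "2021-06-10T01:04:59Z", "domain": "PLACEHOLDER-C2.example"},
    {"timestamp": "2021-06-10T01:05:02Z", "domain": "cdn.updates.example"},
]


def scan(stix_json, datausage, dns):
    """Return the records that hit an indicator, keyed by indicator type."""
    iocs = load_indicators(stix_json)
    procs = iocs.get("process", set())
    domains = iocs.get("domain-name", set())
    return {
        "process": [r for r in datausage if r.get("proc_name", "").lower() in procs],
        "domain-name": [r for r in dns if domain_matches(r.get("domain", ""), domains)],
    }


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_STIX, SAMPLE_DATAUSAGE, SAMPLE_DNS).items():
        for r in hits:
            print(f"{r['timestamp']} {kind} hit: {r.get('proc_name') or r.get('domain')}")
```

A hit on a record is a reason to escalate to a full examination with the real toolkit and current indicator databases, not a verdict on its own.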

What Actually Reduces Risk

The practical security advice that most publications offer regarding Pegasus is partially correct and partially misleading about the nature of the threat. Keeping the device operating system current is genuinely important: every documented Pegasus zero-click exploit has been delivered against a specific vulnerability in a specific OS version, and has been mitigated by an update. The interval between exploit deployment and patch availability is the operational window. Shrinking that window by updating promptly is rational behavior. The limitation is that zero-day vulnerabilities, by definition, are unknown to the manufacturer until they are discovered, and during the period of their exploitation, no patch exists regardless of update discipline.

Signal is generally the most technically robust messaging application available for encrypted communication, and using it is reasonable practice. Its open-source codebase has been reviewed by independent security researchers in ways that WhatsApp’s proprietary implementation has not. The caveat that Pegasus can intercept communication by accessing the microphone directly or by capturing content before encryption occurs is real, but it applies only to a fully compromised device. On an uncompromised device, Signal’s cryptographic protections function as documented.

App permissions deserve attention that most users do not give them. An application that has no functional requirement for microphone access but has been granted it through an inattentive installation represents an unnecessary risk, not because that specific app is necessarily malicious, but because it represents an attack surface that a compromised application could exploit. Reviewing and restricting permissions requires approximately 10 minutes per device and produces a meaningfully smaller surface area for exploitation. Strong, unique passwords managed through a reputable password manager, combined with hardware security keys rather than SMS-based two-factor authentication where the service supports it, close gaps that are frequently exploited in credential-based attacks that accompany or supplement direct device compromise.

The honest assessment, however, is this: if a government with a Pegasus contract has decided that your device is a target, and has a zero-day exploit available for your current operating system version, the protective measures available to an individual user are insufficient to prevent compromise. This is not a statement designed to produce hopelessness. It is a statement of technical reality that the security industry’s commercial incentive structure tends to obscure. Pegasus is not designed for mass surveillance of the general population. It is designed for targeted, high-value collection against specific individuals. The overwhelming majority of smartphone users are not targets of Pegasus and will never be. For journalists, human rights defenders, civil society leaders, lawyers involved in sensitive cases, and opposition politicians operating in environments where their governments have Pegasus access, the threat is real, documented, and not eliminable through consumer-grade security practices alone.

A Warning Before the Final Word

The Pegasus story is frequently told as a story about a bad actor, a company that sold a dangerous product to clients who misused it. This framing is convenient for everyone involved, including the governments that purchased Pegasus and the democratic governments that now criticize NSO Group while maintaining their own domestic surveillance infrastructures. It allows the discussion to be resolved by sanctioning one company without addressing the underlying market, which is the commercial sale of offensive cyber capabilities to governments that face no binding legal accountability for how they use them. NSO Group has competitors. The product category will persist regardless of NSO Group’s fate.

The harder conversation is about the decision that democratic governments are making when they license or tolerate surveillance technology whose documented civilian application includes the assassination of a journalist, the monitoring of human rights lawyers, and the targeting of investigative reporters in EU member states. Germany’s BND purchased Pegasus for foreign operations in the same year that the Pegasus Project documented its use against Hungarian journalists. These are not separate stories. They are parts of the same market that democratic governments both regulate and participate in, and the participation consistently precedes the regulation by enough years that the gap becomes a feature rather than a bug.

Every Device Is a Potential Witness Against Its Owner

There is a principle in forensic work that applies with equal force to digital devices: the object that a person carries closest to them, that knows their movements, conversations, contacts, and private thoughts, is also the most valuable source of evidence about them. We have spent decades designing smartphones to know everything and forget nothing. The intelligence value of a fully compromised phone, one from which everything is accessible in real time, by a hostile actor who has paid a government agency for the privilege, is difficult to overstate. Every call, every message on every platform, the ambient audio from the microphone when the phone is simply resting on a table, the camera, the location trajectory, the contacts network: all of it becomes legible to whoever controls the implant.

The people who dismiss this as a concern for criminals and terrorists have misread both the evidence and the historical record of surveillance technology. States have never successfully confined their surveillance capabilities to criminals and terrorists. The record shows, consistently and across jurisdictions, that capabilities developed for one class of target migrate to adjacent classes whenever operational pressure or political will exists. The Pegasus data is not a list of criminals. It is a list of journalists, lawyers, and politicians. The lesson is not that Pegasus is uniquely dangerous. The lesson is that every surveillance technology that has ever been deployed by a state has eventually been used against someone whose crime was disagreeing with that state. Pegasus is simply the current, best-documented example of a pattern that has no exceptions in the historical record.

References

  • Amnesty International Security Lab. (2021). Mobile Verification Toolkit [Open-source software]. GitHub. https://github.com/mvt-project/mvt
  • Amnesty International. (2021, July 18). Massive data leak reveals Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally. https://www.amnesty.org/en/latest/press-release/2021/07/the-pegasus-project/
  • Amnesty International Security Lab. (2023, December). Forensic appendix: Pegasus zero-click exploit threatens journalists in India. https://securitylab.amnesty.org/latest/2023/12/pegasus-zero-click-exploit-threatens-journalists-in-india/
  • Beer, I., & Groß, S. (2021, December 15). A deep dive into an NSO zero-click iMessage exploit: Remote code execution. Google Project Zero. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
  • Citizen Lab. (2023, September 7). BLASTPASS: NSO Group iPhone zero-click, zero-day exploit captured in the wild. University of Toronto. https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
  • Forbidden Stories & Amnesty International. (2021). The Pegasus Project [Investigation]. Forbidden Stories. https://forbiddenstories.org/pegasus-the-new-rules-of-spyware/
  • Marczak, B., Scott-Railton, J., Abdul Razzak, B., Al-Jizawi, N., Anstis, S., Berdan, K., & Deibert, R. (2021). FORCEDENTRY: NSO Group iMessage zero-click exploit captured in the wild. Citizen Lab Research Report No. 143, University of Toronto. https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
  • Marczak, B., Scott-Railton, J., Abdul Razzak, B., & Deibert, R. (2023). Triple threat: NSO Group’s Pegasus spyware returns in 2022 with a trio of iOS 15 and iOS 16 zero-click exploit chains. Citizen Lab, University of Toronto. https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/
  • US Department of Commerce, Bureau of Industry and Security. (2021, November 3). Addition of certain entities to the entity list [Federal Register Notice]. https://www.federalregister.gov/documents/2021/11/04/2021-23985/addition-of-certain-entities-to-the-entity-list
  • Washington Post. (2021, July 18). Private Israeli spyware used to hack cellphones of journalists, activists worldwide. https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/