The text gets delivered to your iPhone. It produces no image. It offers no warning of any kind as an iMessage from somebody you don’t know delivered the malware directly onto your phone — and goes past Apple’s security systems.
Once inside, the spyware, produced by Israel’s NSO Group and licensed to one of its government clients, goes to work, according to forensic examiners for many whose phones were hacked the phone can be hacked multiple times with Pegasus, NSO’s signature surveillance tool.
Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voicemails.
It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction. And all of this can happen without a user even touching a phone. Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple’s reputation for superior security when compared with its leading rivals, which run Android operating systems by Google.
Does the average person really have to worry about the governments breaking into their phone and listening to their conversations or surveilling them through their phone cameras? That’s unlikely. But the reports do suggest that people who have wholeheartedly bought into Apple’s marketing about how secure its devices are — and how hard Apple fights to ensure that security — might want to think again: iPhones can be hacked.