The smartphones of Spanish Prime Minister Pedro Sanchez and his Defense Minister Margherita Robles were subjected to “illegal” and “outside” eavesdropping using Israeli Pegasus software, the Spanish government said on Monday.
Presidency Minister Felix Bolaños spoke about the facts of “tremendous gravity” that occurred in 2021. He did not specify whether the Spanish authorities are tracing the origin of this interference.
The government filed a complaint about these facts on Monday.
Felix Bolaños indicated that there were “two intrusions” on Pedro Sanchez’s laptop in May 2021 and one on Margarita Robles’ laptop in June 2021. In both cases, the interventions made it possible to extract “a certain amount of data from both mobile phones”.
These revelations come at a time when Spain is in a crisis between the central government of Mr. Sánchez, a socialist, and secessionist circles in the province of Catalonia, who are accusing the National Intelligence Center (CNI, Spanish Intelligence Services) of espionage. .
The case arose on April 18 when Citizen Lab, a cybersecurity project at the Canadian University of Toronto, published a report identifying 65 pro-independence activists, mostly Catalans, whose mobile phones were allegedly hacked by Israeli software between 2017 and 2020.
50,000 mobile phones worldwide
In France in September 2021, Mediapart reported that the smartphones of at least five ministers were infected with spyware. Among them were Jean-Michel Blanquer (Minister of National Education), Julien Denormandy (Minister of Agriculture) or Emmanuel Vargon (Minister of Housing).
According to the non-governmental organization Amnesty International, it was able to hack up to 50,000 laptops worldwide.
Pegasus spyware, developed by the Israeli company NSO, allows, once installed on a smartphone, to access messages, data, or remotely activate the device to capture sound or images.
Among the methods used by attackers to infect their targets’ devices with the Pegasus software, we find the classic methods of sophisticated SMS phishing containing decoy links.
Citizen Lab provides several examples of phishing methods used by attackers: in at least one case, a fake SMS was sent with a link to a boarding pass for a flight actually booked by the target. “In this case, the targeting indicates that the Pegasus operator may have had access to the passenger name record (PNR) or other information received from the carrier,” explains Citizen Lab.
But where traditional methods don’t work, Pegasus can also exploit a vulnerability in the iOS operating system to infect a target device without requiring user intervention. CitizenLab researchers named this “zero-click” vulnerability “HOMAGE” and apparently exploited it “during the last months of 2019.” Citizen Lab estimated that this vulnerability only worked in versions of iOS prior to version 13.2 and that Apple has likely fixed it in newer versions of its mobile operating system.
The NSO has always maintained that the Pegasus can only be sold to states and that such sales must first be given a green light by the Israeli authorities.
Last November, Apple filed a lawsuit against the NSO Group and its parent company seeking a permanent injunction against the use of any Apple software, services or devices.