As Engadget notes, however, a spokesperson for the Israeli company states that the services of the NSO Group are only available to authorized government bodies.
For the past six years, the NSO Group’s main product, a tracking system called Pegasus, has been used by a growing number of government agencies to target a range of smartphones – including iPhones, Androids, BlackBerrys and the Symbian systems popular in the 2000s – without leaving a trace. NSO overcomes these defense mechanisms by remotely-monitored interception.
Pegasus is capable of extracting content such as Global Positioning System locations, text messages, calendar entries and emails from target devices. In the case of iPhones, the client has to pay $650,000 to hack 10 Apple phones or Android phones, $300,000 to hack 5 Symbian phones and $500,000 to hack 5 BlackBerry devices. “NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place”. No phone’s service provider involve. This is ofcourse one of many methods employed. “For the target, we are completely invisible and leave no traces whatsoever”.
The client has to pay a $500,000 installation fee for an initial setup, then they will have various packages depending upon the type of device they want to get access to. And sources tell the NYT that there’s also a strong internal vetting process.
The three flaws in question are: CVE-2016-4655, a kernel base mapping vulnerability that leaks info, allowing an attacker to work out the kernel’s location in memory; CVE-2016-4656, a kernel-level flaw enabling an attacker to jailbreak the device and install spyware; and CVE-2016-4657 – a Safari WebKit vulnerability which allows an attacker to compromise a device if the user clicks on a link.
They have even more advanced plans to increase the sales of its packages such as, $150,000 for 20 extra target devices, $500,000 extra for 50 target devices and $800,000 extra for 100 extra phones or computers. The client has to pay an additional 17 percent of their total bill value as an annual system maintenance fee every year. Once the NSO Group sells its software, the government or law enforcement agency that purchased it can use it for whatever goal. As a result, government agencies have found it harder to track suspects.
The company is one of dozens of digital spying outfits tracking everything a target does on a smartphone.
One indication of the high demand for NSO Group services may be the fact that San Francisco-based private equity firm Francisco Partners, which acquired a controlling stake in NSO in 2014 for $120 million, now considers selling its stake for ten times this price, according to two people approached by the firm. According to the “New York Times”, they market their services “aggressively” to governments and law enforcement agencies around the globe. (Um, okay.) They believe that their services are needed so that officials can track the biggest bad guys of the world, meaning terrorists, drug lords, and kidnapping syndicate leaders, and not your usual two-bit criminals.
Apart from the news that NSO Group had targeted a second individual, this time an activist writing about the Mexican government’s corruption, the New York Times recently published an expose citing internal emails and other company literature belonging to the Israeli firm.
Israel has strict export controls for cyberarms, but the country has never barred the sale of NSO Group technology.