German government admits buying Pegasus spyware, says ‘limited’ to respect privacy laws

The German government has reportedly admitted to buying Pegasus spyware, despite the fact that using some of the functionality would break privacy laws in the country.

Sources cited in the report say that the version purchased from NSO had certain features disabled so that its use would be lawful in the country …

Background

As outlined in our guide:

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is said to be capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, it’s reported that simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed […]

In July 2021, Apple issued an iOS security fix that appears to match the exploit reportedly used by NSO, though security researchers say that Apple needs to do more.

German government privately admits buying Pegasus spyware

German international broadcaster Deutsche Welle reports.

The German Federal Criminal Police Office (BKA) bought notorious Pegasus spyware from the Israeli firm NSO in 2019, it was revealed Tuesday.

The federal government informed the Interior Committee of the Bundestag of the purchase in a closed-doors session, parliament sources said. That confirmed earlier reports published in German newspaper Die Zeit.

The software was procured under “the utmost secrecy,” according to Die Zeit, despite the hesitations of lawyers as the surveillance tool can do much more than German privacy laws permit.

However, the version purchased by the BKA had certain functions blocked to prevent abuse, security circles told the paper ­— although it is unclear how that works on a practical level.

The revelations were a result of joint research by Die Zeit as well as daily Süddeutsche Zeitung and public broadcasters NDR and WDR.

Although the purchase dated back to 2019, and negotiations all the way back to 2017, the report says that the police only took delivery of it in 2020, and the first use appears to have been this year “in select operations concerning terrorism and organized crime.”

The German government has so far refused to comment publicly. One lawmaker who raised the issue was told in an official response just yesterday that national security overrode public interest in certain matters.

Given that some countries have used Pegasus to target journalists, a press union has sought assurances about its use in Germany.

Frank Überall, the chairman of the German Journalists’ Association, said the union wanted to know “whether journalists were spied on without their knowledge, whether their sources are still safe.”

Photo: Brad Pouncey/Unsplash

Check out 9to5Mac on YouTube for more Apple news:


You can follow iPhoneFirmware.com on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.