Shalev Hulio, a 39-year-old Israeli businessman, ceased to be an unknown character months ago. His company, NSO Group, is behind Pegasus, the controversial software with which several governments have allegedly spied on diplomats, lawyers, activists, opponents and journalists. This week, the spyware has crossed Apple's path again.

On Monday, the Californian company released an emergency update to combat a security flaw found in iPhones, Macs, and Apple Watches. Researchers at The Cityzen Lab at the University of Toronto have discovered that NSO Group has infected Apple products with a very sophisticated method.

"This update is recommended for all users to install as it provides important security updates." This is the message that appears in the description of iOS 14.8, the new operating system that Apple released as an emergency on Monday, one day before the presentation of the iPhone 13 and its new products at the star event that the company celebrates every month of September.

Apple thus responded to the report by The Cityzen Lab that warned of this vulnerability in the system. Spyware turns the infected device into an open book for the spy. It gives you access to your camera, microphone, or text messages, even those sent through encrypted messaging apps like Signal.

That Shalev Hulio spyware is behind the infection of Apple products is no surprise. In recent months, Pegasus has made headlines in the media in various countries around the world. On its website, NSO Group claims that its technology is used to "help government agencies prevent and investigate terrorism and organized crime to save lives around the world." And it is true that their services have been used for these purposes for years. The problem is that their software has also been used to hack the phones and devices of citizens unrelated to crime.

Since 2016, traces of Pegasus have appeared on the phones of activists, doctors, dissidents, lawyers, and journalists. His traces have also been found in Spain. Last year, The Citizen Lab revealed that Pegasus had been used to monitor the smartphone of Roger Torrent, then president of the Catalan Parliament, and that of Ernest Maragall. "I noticed strange things. WhatsApp messages and conversation histories were deleted," Torrent explained to El País and The Guardian, the media that revealed the alleged case of espionage. The Catalan politician accused the Spanish government of being behind the hacking of his mobile. The Ministry of the Interior denied having any relationship with NSO and with the espionage of ERC politicians.

In July, an investigation by a consortium made up of Amnesty International and Forbidden Stories implicated various governments in the hacking of more than 50,000 phones belonging to journalists, senior corporate officials, human rights activists, ministers and diplomats. Among the accused administrations were Saudi Arabia, Morocco, Mexico, Hungary, India, Rwanda and Azerbaijan. The investigation did not clarify if this list of phones was of already hacked devices or possible targets. NSO, for its part, has refused to release the list. He considers the investigation "weak" and insists that Pegasus is a tool to fight crime and terrorism.

The 'Zero-Click' Method

When NSO Group became famous in 2016, it was precisely thanks to an attack that exploited vulnerabilities in Apple's iOS 9. As has happened this week, the Cupertino company resolved that security flaw by updating its operating system.

The new security hole discovered by The Cityzen Lab confirms that Pegasus also uses an attack method known as 'Zero-Click'. According to The New York Times, this new mechanism is considered the Holy Grail of cyber surveillance because it enters the device without notifying the user. That is, no action is required from the victim to install the spyware. Previously, NSO clients infected their targets' mobile phones by sending them a text message encouraging them to click on a malicious link. With this new method it is not necessary to click on any for Pegasus to enter the phone.

This time, the spyware was installed through the iMessage instant messaging program, without the user doing anything to activate it. This security hole affects all versions prior to 14.8 of mobile phones, computers and smart watches of the multinational led by Tim Cook. Users can update the operating system of their iPhones by following the path 'Settings/General/Update'. The process is similar for Mac and Apple Watch.