NSO denied any involvement in Khashoggi's death, insisting that its software is "only to combat terrorism and crime".
The company was condemned as "the worst of the worst" by NSA informant Edward Snowden during a videoconference with an Israeli audience last November.
"The NSO group in today's world, based on the evidence we have, is the worst of the worst sellers of these burglary tools that are currently actively used to violate the human rights of dissidents. opposition and activists, "said Snowden.
I saw the power of Pegasus two years ago. Check Point's mobile security experts, one of the world's leading information security experts, showed me how they could hack a one-click phone, gaining full access to the microphone, camera, keyboard and data.
They say the malware used was similar to Pegasus: a seemingly innocent message appeared on my phone asking me to update my settings, and all they needed to access the phone.
The IT security expert Michael Shaulov launched a startup for computer security in 201
"Even when [NSO Group sells] software specifically for the agency of the security forces 39. order that specifically bought it, in case those guys wanted to go after what we call illegitimate targets, NSO has no control [over it]"he says. "They can not really stop it."
NSO Group claims to be able to monitor all of its software for all of its customers, but would need to actively monitor how customers were using their products before realizing any abuse.
Corporate technology takes advantage of so-called "zero days": hidden vulnerabilities in operating systems and apps that allow hackers to access the internal mechanisms of the phone. The term stems from the fact that software developers have not had time to solve them.
Companies like NSO have teams of researchers who continually reverse-engineer the Apple and Android operating systems to find bugs in the code they can then exploit, says Shaulov, describing the process of finding zero days as "art" in the world black and white part of computer security.
The NSO Group's unique target on mobile devices has made them the "alpha dog" in the market, says Shaulov.  Finding a zero day may take from a few months to more than a year, and there is little guarantee of its long-term effectiveness. But if the weakness is not resolved, it can be repeatedly exploited to hack the phones. Software developers like Apple and Google have dedicated teams to find and fix vulnerabilities, but for them it's no easier than for hackers to find the weak link. Also, developers' priorities may be elsewhere, so even known bugs remain incorrect.
"Unless Apple or Google fix that bug, that vulnerability … can remain for many, many years and NSO can continually sell software that can go through those bugs in the software and infect those phones," says Shaulov.
Khashoggi: "God help us"
The software, able to infect a phone after a single click on a link in a fake text message, then grants hackers full access to phone. Data stored on the phone, messages, phone calls and even GPS location data are visible, allowing hackers to see where someone is, who they are talking to and what.
In the case of Khashoggi, researchers at the Citizen Lab say the text message went to Abdulaziz, disguised as a shipping update on a package he had just ordered. The link, which Citizen Lab says dated back to a Pegasus-connected domain, brought Abdulaziz's phone to be infected with malware, allowing hackers to virtually access his entire phone, including daily conversations with Khashoggi.
In a text, before his death the On 2 October at the Saudi consulate in Istanbul, Khashoggi learned that his conversations with Abdulaziz may have been intercepted. "God help us", he wrote. CNN was granted access to correspondence between Khashoggi and the Montreal Abdulaziz activist.
Two months later Khashoggi entered the building for what he thought was a routine appointment to collect documents that would allow him to marry his Turkish girlfriend, Hatice Cengiz. A few minutes later, he was killed in what the Saudi general prosecutor later recognized as premeditated murder.
The Saudis presented changeable stories about Khashoggi's fate, initially denying any knowledge before claiming that a group of dishonest operators, many of whom belong to the restricted circle of the Saudi hereditary prince Mohammed bin Salman was responsible for the journalist's death.
Riyadh claimed that neither Bin Salman nor King Salman knew of the operation to hit Khashoggi. US officials, however, said that such a mission – including 15 men sent by Riyadh – could not have been carried out without the authorization of bin Salman.
First interview by NSO Group since the company was involved in the Khashoggi case, CEO Shalev Hulio categorically denied any involvement in monitoring the Saudi journalist or his homicide. Defining his death as a "shocking murder", Hulio said that following the checks carried out by the NSO Group, the company would know immediately if their software had been used to track down a journalist.
"We have conducted a thorough check of all our customers not just a client who might be a potential suspect involved in the case, but also other customers who might be interested in following him for some reason," Hulio explained in the report. interview with Yedioth Ahronoth, one of the biggest Israeli newspapers. "We have controlled all our customers, both through conversations with them, and through unfailing technological control: the systems produce their documentation and it is not possible to act against this or that objective without us being able to control it".
"I say on the register that after all these checks no NSO product or technology has been used on Khashoggi, and this includes tapping, monitoring, locating or gathering information. ” data-src-mini=”//cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-small-169.jpg” data-src-xsmall=”//cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-medium-plus-169.jpg” data-src-small=”http://cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-large-169.jpg” data-src-medium=”//cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-exlarge-169.jpg” data-src-large=”//cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-super-169.jpg” data-src-full16x9=”//cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-full-169.jpg” data-src-mini1x1=”//cdn.cnn.com/cnnnext/dam/assets/181025171830-jamal-khashoggi-small-11.jpg” data-demand-load=”not-loaded” data-eq-pts=”mini: 0, xsmall: 221, small: 308, medium: 461, large: 781″ src=”data:image/gif;base64,R0lGODlhEAAJAJEAAAAAAP///////wAAACH5BAEAAAIALAAAAAAQAAkAAAIKlI+py+0Po5yUFQA7″/>