Flemings, a contact-tracking system by NSO, the same Israeli firm that developed Pegasus, is a contact-tracking system developed earlier this year aimed at helping the Governments track the spread of Covid-19. The system allowed governments to feed real location data of people to visualize and track the spread of the virus. The firm claimed that the system would help governments take decisions for public health “without compromising individual privacy”.
However, a researcher in May found a database storing thousands of location data points used by NSO. To this, NSO said that the data used was not based on real and genuine data, it was obtained from advertising platforms, known as data brokers in order to train the system. While Tehilla Shwartz, an Academic and privacy expert said that the data was obtained from data brokers across the globe and collected data from the applications installed on millions of devices.
NSO can deliver the spyware by simply sending a link to the victim, which when opened infects the phone without any interaction through a “zero-click” exploit, as stated by the researchers at Amnesty. A senior researcher at Citizen Lab said that the data originated from phone apps that used a blend of direct GPS data and also phone’s inbuilt sensors for a better quality of the location data. He further said If you’re looking at advertising data — like the kind that you buy from a data broker — it would look a lot like this.”
The researchers said that if the data is real then NSO has violated the privacy of 32-,000 individuals across the countries that are reportedly customers of NSO including Rwanda, Israel, Bahrain, Saudi Arabia, and the UAE.
Bill Marczak, a researcher at Citizen Lab even took to Twitter sharing the Forensic report on how to catch NSO’s Pegasus.
However, NSO Group has totally rejected all the claims stating that it doesn’t know who its customers target.