The House of Representatives intelligence committee heard testimony from a Citizen Lab researcher and a Google threat-analysis expert on the rapid proliferation of commercial spyware that allows authoritarian regimes to monitor the phones of dissidents and journalists without anyone’s knowledge and without even an accidental click from the target.
“Your phone can be on your bedside table at 2:00 in the morning – one minute your phone is clean, the next minute the data is silently streaming to an adversary a continent away,” Citizen Lab told the committee.
“It can access your texts and phone calls, it can access your encrypted chats, your pictures, your voice notes, anything you can do on your phone … and some things you can’t, like silently enabling the microphone and camera, or gaining access to your cloud accounts,” he said, describing one of the most notorious examples, the Pegasus spyware of Israeli company NSO Group.
The committee’s chairman, Adam Schiff, described the growth of spyware as an “acute and rapidly evolving threat” that could affect people worldwide.
“It’s a game-changer for autocratic regimes that are looking for new means to surveil, intimidate, imprison or even kill dissidents, journalists and others who they view as a threat,” he said.
A decade ago, only a small number of powerful states had the capacity to spy on cellphones and computers. But now, sophisticated surveillance technology is being sold to dozens of countries worldwide.
He said his group is tracking more than 30 vendors of commercial spyware “with varying levels of sophistication and public exposure” selling surveillance technology to state-sponsored organizations.
Last December, NSO Group’s technology could install spyware on phones by sending an iMessage to a target, even if the target did not click on a link.
“Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defence.”