NSO Pegasus: Capabilities, Risks, and Attribution in Modern Spyware


Researchers describe the capabilities of software developed by the Israeli company NSO Group as nearly boundless. The tools not only permit access to mobile devices and the conversations they contain, but they also enable data to be pushed into spy terminals.

“The software can control the entire phone,” one expert notes, adding that it grants full rights to transfer data to a remote terminal. The insights come from specialists who participated in the first meeting of a commission of inquiry and who spoke about Pegasus. They explain that the program acts as the phone’s administrator, which lets it perform extensive actions. If Pegasus can read files, it can also access authentication cookies that open email accounts. It can impersonate a user online and embed files on devices. Whether this capability is actually used is hard to confirm because there is no independent check on the software’s behavior, and it cannot be ruled out that a version exists which can embed files.

Experts note that NSO must know who its customers are because the company continues to provide support services to license holders. It is argued that the system cannot be used without NSO’s ongoing assistance. Statements from the company claim that it does not know who the victims are and that it monitors customers for abuse, but researchers see this as a contradiction and suggest the worst-case scenario is likely. They maintain that the manufacturer does indeed know the identities of victims and that technically possible operations exist.

iPhone, easy hunting

Haertle points out that iPhones are particularly vulnerable and more susceptible to spying than Android devices due to the greater fragmentation across iPhone models. He explains that Android would require multiple versions targeting a single device, making it harder to execute a broad attack. Evidence of espionage in Android devices is also more challenging to detect, he notes.

When it comes to attributing such surveillance to a government, the experts acknowledge the challenge. Intermediary operators and concealed data routes complicate attribution. Yet they emphasize that there are techniques to identify patterns across attacks and to infer which operator might be behind them. One analyst referenced a security research group that has tracked attacks under a codename related to a well-known case, illustrating how patterns emerge when multiple incidents are analyzed together.

The discussion reveals that while licenses enable spying in specific countries, many customers can press for broader access. If a client pays a substantial sum for an enhanced capability, NSO can allow targeting with only minor restrictions—though Israel and the United States are often exempt from license-based spying. Licensing data remain undisclosed, but experts suggest that the price ranges from millions to tens of millions of dollars depending on the espionage features required. Nations such as Israel, the United States, Germany, Russia, France, and others, as well as various firms worldwide, have their own security ecosystems that influence how these tools are deployed and controlled.
