What Pegasus Can Extract: Complete Device Compromise
Technical analysis of Pegasus spyware capabilities, including access to messages, calls, location, cameras, microphones, and encrypted communications on compromised devices.
Key Findings
- #1 Can extract messages from encrypted apps including Signal and WhatsApp
- #2 Activates device camera and microphone for real-time surveillance
- #3 Zero-click delivery requires no user interaction to compromise a device
- #4 Apple issued multiple emergency patches specifically for Pegasus exploits
- #5 WhatsApp sued NSO Group for exploiting a calling vulnerability on 1,400 devices
Investigation Details
According to Citizen Lab and Amnesty International analyses, Pegasus spyware can extract virtually all data from a compromised device, including messages from encrypted apps like Signal and WhatsApp, call recordings, location history, photos, contacts, calendar entries, and browsing history. The spyware can activate the device's camera and microphone for real-time surveillance. Pegasus reportedly exploited zero-day vulnerabilities in iOS and Android, requiring no user interaction — a simple iMessage or WhatsApp call could deliver the payload without the target answering. Apple issued emergency security patches multiple times to address Pegasus exploits, and WhatsApp sued NSO Group in 2019 for exploiting a calling vulnerability to infect 1,400 devices.
NSO Group has been the subject of increasing scrutiny over its data collection practices. Privacy researchers and regulatory bodies across multiple jurisdictions have documented concerns about how the company handles user data, particularly regarding consent, transparency, and data minimization principles. The findings suggest a pattern of prioritizing business metrics over user privacy, a trend observed across the broader technology industry. Users affected by these practices have limited recourse without proactive intervention such as filing formal complaints with data protection authorities or submitting DSAR requests.
Regulatory responses have varied significantly. European data protection authorities have been more aggressive in enforcement under GDPR, while US enforcement remains fragmented across state-level privacy laws. The investigation highlights the need for stronger federal privacy legislation and more transparent corporate data practices. Affected users should consider reviewing their privacy settings, submitting data deletion requests, and exploring privacy-preserving alternatives recommended by independent researchers.
Frequently Asked Questions
What data does NSO Group collect?
Our investigation reveals NSO Group engages in data collection practices. The technical analysis covers Pegasus spyware capabilities, including access to messages, calls, location, cameras, microphones, and encrypted communications on compromised devices.
Are NSO Group's data collection practices legal?
The legality of NSO Group's practices varies by jurisdiction. Under GDPR, companies must have a lawful basis for data processing. Under CCPA, California residents can opt out of data sales.
How can I protect myself from NSO Group?
You can submit a data subject access request (DSAR) to NSO Group, opt out of data collection through their privacy settings, or use privacy-preserving alternatives.