A government could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment.
Despite using Apple gear, Radi was not a normal hack who knew nothing about technology. He was trained in encryption and cyber security. He hadn't clicked on any suspicious links and didn't have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked.
Amnesty International said Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit a website. Forensic evidence gathered by Amnesty International on Radi's phone shows that it was infected by "network injection", a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser. The software is called Pegasus and it is made by the Israeli technology firm NSO Group. Amnesty International concluded in its report that the surveillance was conducted by Moroccan authorities.
Two more human rights advocates in Morocco have been targeted by the same malware, the article reports.