
For a brief introduction, Pegasus is spyware that can be deployed silently against a target and used to monitor everything on that person's mobile device. According to the filing, the Pegasus software was first identified by researchers at the Citizen Lab at the University of Toronto, who discovered that Pegasus could be delivered through what is known as a "zero-click exploit", meaning it could be deployed without any input from the user. The attack, which Citizen Lab named FORCEDENTRY, worked in several stages. First, the company reportedly contacted Apple's servers in the United States to identify Apple users, and then confirmed that the target was using an iPhone. It then sent "bad data" to the target through iMessage, which turned off logging and allowed it to download a larger file, the payload. This larger file was stored on iCloud servers and then delivered to the targets' phones. With the Pegasus payload in place, the phone began communicating with a command and control server, through which an operator could send commands to it. This allowed third parties to remotely control phones; collect call logs, web browser history and contacts; and even turn on the phone's microphone and camera and send the captured data back. A consortium of global journalists launched an investigation into the situation in July, dubbed the Pegasus Project, and reported: "Military grade spyware licensed by an Israeli company to governments to track terrorists and criminals has been used in successful attempts to hack 37 smartphones belonging to journalists, human rights activists, business leaders and two women close to the murdered Saudi journalist Jamal Khashoggi."

Image of a brochure from the NSO Group published on SIBAT (Directorate for International Defense Cooperation of the Israeli Ministry of Defense). (Image: Citizen Lab)
It sounds like fairly standard spyware, but what is so remarkable about it is the zero-click aspect: usually a user has to initiate the malware or spyware deployment by clicking on a link sent to them, or by taking some other action. Not this time. This type of activity is only possible because NSO Group and other companies like it employ researchers who work to uncover unknown vulnerabilities in popular software such as iOS, Microsoft Windows and others, and use these security vulnerabilities to develop software that can penetrate target devices before the developer realizes there is a flaw. Such vulnerabilities are commonly referred to as zero-days because the developer has had zero days to fix the flaw. Companies like Apple, Microsoft, Google, and others have their own large cybersecurity teams that work to find these security holes before malicious actors do, but given the complexity of the software involved, it is an endless battle against threats from companies like NSO Group. In September, Apple fixed the vulnerabilities that allowed Pegasus to work with its iOS 14.8 update, and in its press release the company notes: "Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later."
This is not the first time that NSO Group has made headlines. The US government blacklisted the company earlier this month "after determining that its phone hacking tools were used by foreign governments to 'maliciously target' government officials, activists, journalists, academics and embassy staff around the world," according to The Post. The company is also involved in a lawsuit with WhatsApp over claims that its spyware was used to hack 1,400 users of that application. Earlier this month, the Ninth Circuit Court of Appeals dismissed NSO Group's claim that it should be granted "sovereign immunity" in the case.
If you're interested in a deep dive on the NSO Group, the podcast Darknet Diaries recently posted an episode about it, including an interview with the Citizen Lab researchers who discovered Pegasus. You can also read Apple's full complaint here.