Pegasus

Pegasus is a spyware suite used for the surveillance of individuals. It can be covertly installed on mobile phones and other devices running the iOS and Android operating systems.

It was developed by the Israeli cyberarms company NSO Group, a surveillance technology vendor established in 2010 that sells software to government, intelligence and law enforcement agencies to help them detect and prevent terrorism and crime.

What is Spyware?

Spyware is malicious software that is installed on a computing device without the user’s knowledge. Its aim is to gather information about a person or organization and pass that information to the attackers, violating the user’s privacy and compromising the security of the device.

This malicious software can monitor internet activity, harvest login credentials, track a person’s location and exfiltrate sensitive information. It can reach a device via an app install package, a file attachment, a malicious URL, a text message, an email, and similar channels.

Pegasus Spyware Discovery and Evolution:

Over the years, the way Pegasus infects mobile phones has evolved. The spyware was first discovered in 2016, when the attackers used a spear-phishing attack to infect the device: they sent bogus text messages to the targets containing a malicious link, and clicking it installed the software in the background without the user’s consent. This attack was observed on an iPhone, and a year later the same attack was seen on an Android device as well.

Since then the software has evolved considerably and now uses a more sophisticated approach for reaching its targets. Attackers can install the infection on a victim’s device without any input from the device owner, which is known as a zero-click attack.

Such a zero-click attack was reported in 2019, when WhatsApp accused NSO Group of infecting more than 1400 mobile phones with its Pegasus tool through a simple WhatsApp call. Attacks of this kind often exploit zero-day vulnerabilities, so the malicious code is installed on the phone even if the call is never answered.

Researchers from Kaspersky Lab, a cybersecurity company, described Pegasus as “total surveillance” software, citing its capabilities.

How Pegasus infects a device and what damage it can do:

[Figure: Pegasus attack flow (how Pegasus infects a phone and what it can do). Image source: here]

Pegasus can be installed on a phone through many different vulnerabilities. Attackers may trick the target into clicking a malicious link sent by message or email, or exploit flaws in commonly installed apps.

There have been reports that once the software is installed, it can run arbitrary code, collect any data from the device and transmit it back to the attacker. Attackers can delete call logs; extract contacts, photos, messages, web browsing history and settings; and steal information from communication apps such as Gmail, Facebook, Telegram, WhatsApp and Skype.

In addition, with the help of this spyware, attackers can listen to and record calls, log keystrokes, turn on the camera to record video, obtain the user’s location history and live GPS position, listen to encrypted audio streams and read encrypted messages, making it one of the most sophisticated and dangerous spyware tools.

Pegasus hides itself as thoroughly as possible and, to destroy evidence, self-destructs on command or when it has been unable to communicate with the attacker’s control servers for more than 60 days.

Below are a few of the iOS vulnerabilities exploited by Pegasus that are registered in the CVE database:

  • CVE-2016-4655: Information leak in the kernel – A kernel base mapping vulnerability that discloses information to the attacker, allowing them to calculate the kernel’s location in memory.
  • CVE-2016-4656: Kernel memory corruption leading to jailbreak – 32-bit and 64-bit iOS kernel-level vulnerabilities that allow the attacker to covertly jailbreak the device and install the spyware.
  • CVE-2016-4657: Memory corruption in WebKit – A vulnerability in Safari’s WebKit engine that allows the attacker to compromise the device when the user clicks on a malicious link.

Recommendations for Pegasus-affected devices:

For devices affected by the spyware, cybersecurity experts assess that there may be no way to recover completely from Pegasus: even after a hard factory reset, traces of the spyware have still been found on the device. The best recommendation for victims of this attack is to replace the device altogether and change the passwords of the applications and services they used on it.

In addition, users can check for the symptoms of compromise using the indicators published on the GitHub of Amnesty International, a non-governmental human-rights organization. Amnesty International also provides a modular tool, the Mobile Verification Toolkit (MVT), for this kind of examination and analysis.
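To make the MVT-style check described above concrete, here is an added example (not part of the article and not MVT’s own code) that loads domain indicators from a STIX2 bundle in the format Amnesty uses and flags matching entries in a Safari history export. Both the bundle and the history rows are constructed placeholders; no real Pegasus indicators are reproduced.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX2 bundle in the shape Amnesty publishes its indicators in.
# The domains are placeholders for illustration, not real Pegasus IOCs.
SAMPLE_STIX2 = json.dumps({
    "type": "bundle",
    "id": "bundle--constructed-example",
    "objects": [
        {"type": "indicator", "name": "placeholder-domain-1",
         "pattern": "[domain-name:value = 'c2-placeholder.invalid']"},
        {"type": "indicator", "name": "placeholder-domain-2",
         "pattern": "[domain-name:value = 'staging-placeholder.invalid']"},
    ],
})

# Constructed Safari history rows, the kind of record found in a decrypted iOS backup.
SAMPLE_HISTORY = [
    {"url": "https://www.apple.com/", "visited": "2021-07-18T10:02:11"},
    {"url": "http://c2-placeholder.invalid/x/y", "visited": "2021-07-18T10:03:40"},
    {"url": "https://news.example.org/story", "visited": "2021-07-18T10:05:02"},
    {"url": "https://cdn.staging-placeholder.invalid/a.js", "visited": "2021-07-18T11:00:00"},
]

# Matches the simple STIX pattern form used for domain indicators.
PATTERN_RE = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")


def load_domain_iocs(stix2_text):
    """Return the set of lower-cased domain indicators from a STIX2 bundle."""
    domains = set()
    for obj in json.loads(stix2_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj.get("pattern", ""))
        if m:
            domains.add(m.group(1).lower())
    return domains


def check_history(history, domains):
    """Return history rows whose URL host is an indicator or a subdomain of one."""
    hits = []
    for row in history:
        host = (urlparse(row["url"]).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append(row)
    return hits
```

Calling `check_history(SAMPLE_HISTORY, load_domain_iocs(SAMPLE_STIX2))` returns the two placeholder rows; with a real bundle and a real history export the same logic surfaces visits to known infrastructure.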

Controversies and Misuse of the Pegasus spyware:

The company claims that its products have been used effectively to thwart terrorism, find missing persons, break up criminal operations and assist search and rescue teams. However, reports from ‘Forbidden Stories’ and ‘Amnesty International’ state that the same software has been used by authoritarian governments, including the UAE, Saudi Arabia and India, and by Mexican drug cartels to spy on opponents and critics.
