Pegasus is originally military-grade software for tracking terrorists and criminals. According to NSO Group, Pegasus is only used to "investigate terrorism and crime" and "leaves no traces." It was first discovered in 2014, when it infected phones via spear-phishing: either specifically crafted text messages or emails that lure a target into clicking on a malicious link. In short, Pegasus is spyware that is developed, marketed, and licensed to governments worldwide by the Israeli cyber-surveillance company NSO Group. It is perhaps the most potent piece of spyware ever (certainly by a private company). It is capable of infecting billions of phones running either the iOS or the Android operating system.

"Zero-click" Attacks

Using end-to-end encryption software like WhatsApp or Signal on mobile ensures the confidentiality of your conversation. But Pegasus is so powerful that it can monitor keystrokes, access the microphone and camera, and finally turn the mobile device into a device that spies on its own user. NSO has enhanced Pegasus's attack capabilities ever since. At this moment, different testing reports confirm that Pegasus can infect devices using "zero-click" attacks. (If you want to go through all the forensic details of Pegasus, you can visit the report here.) As the name implies, "zero-click" attacks do not require any interaction from the victim (i.e., they can "leave no traces," as claimed by NSO Group). Most recently, in July 2021, a successful "zero-click" attack was reviewed that exploited various zero-days to attack a fully patched iPhone 12 running iOS 14.6 (the current version of iOS as of this moment). Once a vulnerability is found, Pegasus can infiltrate a targeted device using the protocol of the app. The user does not have to click on a link, read a message, or answer a call. The worst thing is, the user may not even see any missed call or message. When comparing iOS with Android, iOS was considerably more secure, but despite all the hype, the Apple iPhone is no match for Pegasus. Researchers have in recent years documented successful attacks against iOS via zero-day exploits.

Pegasus Network Injection Attacks

Knowing that your devices may be infected without notice, it is worth mentioning what kind of damage it can cause. One of the major parts of spyware is to capture the activities you make on the device. In October 2019, the report by Amnesty International documented the URL redirection that happened on the infected devices. From this it can be concluded that network injection attacks are performed either through tactical devices, such as rogue cell towers, or through dedicated equipment installed at the network operator. The follow-up report in 2020, focused on the attacks on Moroccan journalists, explained that these URL redirections happen not only when the infected devices navigate via web browsers but also when they use other apps. It "hooks" into messaging systems including Gmail, Facebook, WhatsApp, FaceTime, Viber, WeChat, Telegram, Apple's built-in messaging and email apps, and others. With the redirection happening before the URL is actually browsed, the spyware sends all your browsing activities, including those made from apps, to an open-source Textpattern content management system (CMS), which bypasses the encryption in place.

Pegasus' BridgeHead

Beyond the Amnesty International, Citizen Lab, and other reports that traced Pegasus spyware attacks through the domain names and other network infrastructure used to carry them out, other traces show that Pegasus left behind further malicious payloads. As pointed out by the mobile security firm Lookout in their technical analysis of the Pegasus exploits on iOS, the spyware could infect a system through "zero-click" attacks using a vulnerability in iOS. Afterward, it maintains persistence and leaves exploit code on the device that survives a reboot. All reported traces point to the same process, with the internal name assigned by NSO Group: "bh" or "BridgeHead." This "bh" process appeared right after the successful network injection. Researchers believe that the BridgeHead module does the following: completes the browser exploitation, roots the device, and prepares for the full infection by the Pegasus suite.

Use This Tool to Check If Your Phone's Been Hacked by Pegasus

If you're concerned about how terrifying that is, there's a tool you can use to check whether Pegasus has infected your phone. The Mobile Verification Toolkit (MVT) was created to assist with the "consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise," according to its GitHub site. This toolkit was developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus Project, and it supports two platforms: iOS and Android (obviously). The repository is mvt-project/mvt on GitHub. You can find the documentation here.

Final Words

The most comprehensive investigation regarding the impact of Pegasus was conducted by The Washington Post with 16 other media partners, and most importantly, a data leak led the consortium to a list of more than 50,000 phone numbers of activists, journalists, senior business executives, and politicians. Two driving forces make this attack inevitable:

- the increasing number of vulnerabilities found in mobile apps and in the OS itself;
- the broad adoption of mobile devices by everyone, including journalists, politicians, activists, and business people worldwide, as well as terrorists and criminals.

Both of them have provided the foundation for the rise of the commercialization of such military-grade mobile hacking tools to whoever is willing to pay. While the chances are pretty low that NSO's spyware has targeted the ordinary mobile user, you never know.
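To show the kind of check the tool section above describes, here is an added example (not MVT's own code, and not code from the original post) of indicator matching in the spirit of MVT: browsing-history records are checked against indicator domains, and a process listing against indicator process names. The indicator domains and sample records are constructed placeholders; the only value taken from the reports is the "bh" process name.

```python
"""Toy indicator matcher in the spirit of MVT's IOC checks (added example,
not MVT's own code). It flags browsing-history records whose host belongs
to an indicator domain, and running processes whose name is an indicator.
All indicator domains and sample records below are constructed."""
from urllib.parse import urlsplit

# Constructed placeholder domains, NOT real Pegasus infrastructure.
IOC_DOMAINS = {"example-injection.test", "redirect-cms.invalid"}
# "bh" is the BridgeHead process name the published reports cite.
IOC_PROCESSES = {"bh"}


def host_matches(host, ioc_domains=IOC_DOMAINS):
    """True if host equals an indicator domain or is a subdomain of one.
    Requiring a dot boundary avoids substring false positives such as
    'notexample-injection.test'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def check_url_records(records, ioc_domains=IOC_DOMAINS):
    """records: iterable of {"timestamp": ..., "url": ...} dicts, the shape
    of a browser-history row. Returns the matching records plus the host."""
    hits = []
    for rec in records:
        host = urlsplit(rec["url"]).hostname or ""
        if host_matches(host, ioc_domains):
            hits.append({**rec, "matched_host": host})
    return hits


def check_processes(proc_names, ioc_processes=IOC_PROCESSES):
    """Return indicator process names present in a process listing."""
    return sorted(p for p in proc_names if p in ioc_processes)


# Constructed sample input: a legitimate visit, an injected redirect to the
# (placeholder) attacker host, and a look-alike host that must NOT match.
SAMPLE_HISTORY = [
    {"timestamp": "2021-07-01T10:00:00Z", "url": "https://www.example.org/news"},
    {"timestamp": "2021-07-01T10:00:02Z", "url": "http://cdn.EXAMPLE-injection.test/x"},
    {"timestamp": "2021-07-01T10:00:03Z", "url": "https://notexample-injection.test/"},
]
SAMPLE_PROCS = ["launchd", "bh", "SpringBoard"]

if __name__ == "__main__":
    for hit in check_url_records(SAMPLE_HISTORY):
        print("URL indicator hit:", hit["timestamp"], hit["matched_host"])
    print("Process indicator hits:", check_processes(SAMPLE_PROCS))
```

A real check must be run only on a device you are authorised to examine, with a current indicator list such as the one the Pegasus Project investigators publish.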
Even if you are on the latest update and keep everything under control, there is not much you can do right now as a mobile user to prevent the attack. The revelations of the whole Pegasus Project fuel a debate about whether Apple, Google, and other tech companies have done enough to protect their customers from unauthorized intrusions.

Also published at: https://medium.com/technology-hits/takeaways-from-the-mighty-pegasus-the-nso-group-spyware-524e6fc3a698

For a more detailed technical review of Pegasus:
NSO Group Archives - The Citizen Lab
Forensic Methodology Report: How to catch NSO Group's Pegasus

Thank you for reading. May InfoSec be with you🖖.