It is the name for perhaps the most powerful piece of spyware ever developed – certainly by a private company. Once it has wormed its way on to your phone, without you noticing, it can turn it into a 24-hour surveillance device. It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone’s camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you’ve been, and who you’ve met.

Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group. It has the capability to infect billions of phones running either iOS or Android operating systems.

The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.

Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed. These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.

In 2019 WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. Simply by placing a WhatsApp call to a target device, malicious Pegasus code could be installed on the phone, even if the target never answered the call. More recently NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones. Apple says it is continually updating its software to prevent such attacks.

Technical understanding of Pegasus, and how to find the evidential breadcrumbs it leaves on a phone after a successful infection, has been improved by research conducted by Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab.

For companies such as NSO, exploiting software that is either installed on devices by default, such as iMessage, or is very widely used, such as WhatsApp, is especially attractive, because it dramatically increases the number of mobile phones Pegasus can successfully attack.

As the technical partner of the Pegasus project, an international consortium of media organisations including the Guardian, Amnesty’s lab has discovered traces of successful attacks by Pegasus customers on iPhones running up-to-date versions of Apple’s iOS. The attacks were carried out as recently as July 2021.

Forensic analysis of the phones of victims has also identified evidence suggesting NSO’s constant search for weaknesses may have expanded to other commonplace apps. In some of the cases analysed by Guarnieri and his team, peculiar network traffic relating to Apple’s Photos and Music apps can be seen at the times of the infections, suggesting NSO may have begun leveraging new vulnerabilities.
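The kind of check a forensic analyst would run for the pattern just described, as an added example and not code from Amnesty's Security Lab or the Pegasus project: it correlates constructed per-process network records with suspected infection times and flags system apps such as Photos or Music contacting hosts they are not expected to talk to. The record layout, the allowlist and every hostname are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed records of per-process network activity recovered from a phone.
# The record layout is invented for this example, not a real iOS artifact format.
RECORDS = [
    {"process": "Safari", "ts": "2021-07-10T09:00:00", "host": "news.example.org", "bytes_out": 3200},
    {"process": "Photos", "ts": "2021-07-10T09:14:30", "host": "cdn-update.example.net", "bytes_out": 2400000},
    {"process": "Music", "ts": "2021-07-10T09:15:05", "host": "cdn-update.example.net", "bytes_out": 11000},
    {"process": "Music", "ts": "2021-07-11T20:00:00", "host": "music.apple.com", "bytes_out": 5000},
]

# Moments the analyst already suspects, e.g. when an unexpected iMessage arrived (constructed).
SUSPECT_TIMES = ["2021-07-10T09:14:00"]

# Assumed allowlist: domains these system apps are expected to contact. Placeholder values.
EXPECTED_HOSTS = {
    "Photos": {"icloud.com"},
    "Music": {"apple.com"},
}


def host_allowed(host, allowed):
    """True when host equals or is a subdomain of an allowlisted domain."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def find_anomalies(records, suspect_times, window_minutes=10):
    """Return watched-app records that contact an unexpected host within
    window_minutes of a suspect time, in timestamp order."""
    suspects = [datetime.fromisoformat(t) for t in suspect_times]
    window = timedelta(minutes=window_minutes)
    hits = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        allowed = EXPECTED_HOSTS.get(rec["process"])
        if allowed is None or host_allowed(rec["host"], allowed):
            continue  # not a watched app, or traffic to an expected destination
        ts = datetime.fromisoformat(rec["ts"])
        if any(abs(ts - s) <= window for s in suspects):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_anomalies(RECORDS, SUSPECT_TIMES):
        print(f'{hit["ts"]} {hit["process"]:<7} -> {hit["host"]} ({hit["bytes_out"]} bytes out)')
```

A real investigation would build the records from the device's own usage databases and seed the suspect times from other artifacts on the phone; the correlation logic is the same.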

Where neither spear-phishing nor zero-click attacks succeed, Pegasus can also be installed over a wireless transceiver located near a target, or, according to an NSO brochure, simply manually installed if an agent can steal the target’s phone.

Once installed on a phone, Pegasus can harvest more or less any information or extract any file. SMS messages, address books, call history, calendars, emails and internet browsing histories can all be exfiltrated.

One of the most significant challenges that Pegasus presents to journalists and human rights defenders is the fact that the software exploits undiscovered vulnerabilities, meaning even the most security-conscious mobile phone user cannot prevent an attack.
