Pegasus, the military-grade spyware used to infiltrate the smartphones of at least 40 journalists in India, has been around since at least 2016 and is one of the most sophisticated hacking tools capable of extracting information from mobile devices.
Manufactured by the Israeli firm NSO Group, also known as Q Cyber Technologies, the spyware can be used to record calls, copy and send messages, or even film people through phone cameras. It can be, and has been, used to target both Apple iOS and Android devices.
Early versions of Pegasus required the target to click on malicious links sent to entice them; the software then installed itself silently on the smartphone, gaining access to private data including passwords, calls, texts and emails, and enabling ongoing monitoring.
The spyware has the potential to turn smartphones into 24-hour surveillance devices. This is helped by its ability to evade most forensic analysis, avoid detection by antivirus software, and be deactivated or removed by its operators.
Experts say that once installed, Pegasus communicates with what are known as command and control servers (C2s): computers or domains used to send commands to the infected devices and receive data from them.
Pegasus is designed to consume minimal bandwidth and avoid suspicion by sending regular, scheduled updates to the C2s.
The C2 domains can therefore be used to confirm a Pegasus infection by correlating the likely timeline of when a device may have been infected with the timestamps of different data on the linked C2 server.
For example, one such forensic method used by Amnesty International is based on a “temporal correlation” between the first appearance of data in the phone’s logs and the phone’s communication with known Pegasus installation servers.
Experts from Citizen Lab, an interdisciplinary laboratory based at the University of Toronto, warn that current versions of Pegasus are more advanced still.
The spyware now uses what are known as “zero-click” exploits or attacks, which do not require the potential victim to click on a disguised malicious link to activate.
These zero-click attacks work by exploiting “zero-day” vulnerabilities: bugs in the operating systems of devices that have not yet been fixed.
In December last year, researchers including Bill Marczak from the lab noted in a report that government operatives had used this advanced version of the spyware to hack the personal phones of 36 journalists, producers, anchors and news network executives at Al Jazeera.
He pointed to a zero-click exploit in the iMessage app that was used to hack Apple’s then-latest iPhone 11 running iOS 13.5.1.
Marczak noted in a tweet on Sunday that the latest iPhones may also be vulnerable to such zero-click attacks, adding that there “could be a major blinking red five-alarm-fire issue with iMessage security.”
To identify the Apple devices targeted by Pegasus, Amnesty International analyzed records of process execution and their associated network usage in two database files, “DataUsage.sqlite” and “netusage.sqlite”, stored on iOS devices.
While the former can be found in the iTunes App Backup folder, the latter cannot, according to the organization.
Amnesty International’s forensic analysis found that devices communicating with the Pegasus C2 domain had records of a suspicious process, linked to a browser exploit, that “prepares for its transition with the full Pegasus suite”.
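The temporal correlation described above, as an added illustration that is not Amnesty International’s or any project’s own code: process records (first-seen time, name, bytes sent) are loaded into a constructed, simplified table whose shape is only assumed to resemble the process table in DataUsage.sqlite, and every process that first appeared shortly before a recorded C2 contact and generated outbound traffic is flagged for triage. All sample rows and the C2 contact timestamp are constructed.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample rows modelled loosely on the process table in iOS
# DataUsage.sqlite: (first_seen ISO timestamp, process name, bytes out).
# The real schema is assumed here, not reproduced.
SAMPLE_PROCESSES = [
    ("2021-05-03T10:14:02", "com.apple.mobilesafari", 18_204),
    ("2021-05-03T10:14:40", "constructed_suspicious_proc", 4_096),  # constructed
    ("2021-05-03T10:16:05", "com.apple.weather", 0),
    ("2021-05-01T08:00:00", "com.apple.Maps", 92_120),
]
# Constructed timestamps at which the device was seen contacting a known C2 domain.
SAMPLE_C2_CONTACTS = ["2021-05-03T10:15:30"]


def load_processes(rows):
    """Load the constructed rows into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE process (first_seen TEXT, name TEXT, bytes_out INTEGER)")
    conn.executemany("INSERT INTO process VALUES (?, ?, ?)", rows)
    return conn


def correlate(conn, c2_contacts, window_minutes=5):
    """Temporal correlation: processes first seen within `window_minutes`
    before a C2 contact that also generated outbound traffic."""
    window = timedelta(minutes=window_minutes)
    hits = []
    rows = conn.execute("SELECT first_seen, name, bytes_out FROM process").fetchall()
    for contact in c2_contacts:
        t_c2 = datetime.fromisoformat(contact)
        for first_seen, name, bytes_out in rows:
            delta = t_c2 - datetime.fromisoformat(first_seen)
            # Only processes that appeared before (not after) the C2 contact count.
            if timedelta(0) <= delta <= window and bytes_out > 0:
                hits.append({"process": name, "first_seen": first_seen,
                             "c2_contact": contact,
                             "seconds_before_c2": int(delta.total_seconds())})
    return hits


def suspicious_processes(rows=SAMPLE_PROCESSES, c2_contacts=SAMPLE_C2_CONTACTS):
    """Return the sorted names of processes flagged by the correlation."""
    conn = load_processes(rows)
    try:
        return sorted(h["process"] for h in correlate(conn, c2_contacts))
    finally:
        conn.close()
```

On the constructed data both the browser process and the unknown process are flagged, which is the point: the correlation narrows the window for an analyst, and hits belonging to known system bundles still need separate triage.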
Attackers can go to great lengths to socially engineer targets before installing the spyware on their devices.
In one such incident, the wife of a murdered Mexican journalist was sent text messages about her husband’s killing to get her to click a link, infecting her phone with Pegasus.
Another variant of the spyware targeted 1,400 phones through a software vulnerability that was exploited via missed voice calls on WhatsApp.
The Facebook-owned messaging company said it quickly identified and fixed the bug.
Experts warn that not all vectors and methods used to infect devices with the spyware are publicly known, raising concerns of a growing cyber arms race.
“We recognize that the solution to this problem will not be easy. It will require a coalition of stakeholders, including governments, the private sector and civil society, in what is now the ‘Wild West’ of continued abuse,” the Citizen Lab report noted.
Experts warn that NSO Group – which only sells Pegasus to governments – and other companies are equipping authoritarian governments with powerful tools against those holding politicians and administrators accountable.
“Not taking immediate action on this important public emergency threatens liberal democracy and human rights around the world,” he said.