Thousands of high-profile people were targeted by Pegasus spyware, which can monitor and extract data from infected devices, according to information released this week. From journalists and activists to heads of state—including Macron- many high-profile people were targeted by this spyware.
The Israeli company NSO Group created the Pegasus spyware, marketed to government intelligence, military, and law enforcement organizations to provide “authorized states with technology that helps them fight terror and crime.”
Pegasus is capable of infecting iPhones and Android phones, and it often exploits zero-day vulnerabilities. In some instances, it is even transmitted through a zero-click attack. These assaults may succeed if a malevolent person is within range of the phone they wish to hack or if merely phoning or sending an email to the phone exploits weaknesses and allows spyware to take control of the device. Other potential vectors include SMS (as described in 2016), iMessage, or WhatsApp (as discussed in 2019). In certain instances, users may not even need to click links or take any steps to activate the spyware.
Pegasus may gather data from a device and transmit it back to an attacker after installing it on the phone. Data from text messages, emails, WhatsApp conversations, calendars, and contacts may be copied. It can also steal pictures, turn on the microphone and camera, and record phone conversations, among other things. Everything that happens on a Pegasus-infected phone may be seen from afar.
What and Who is at Risk?
The NSO Group exclusively distributes its spyware to governments, law enforcement agencies, and the military, implying that the government sanction any misuse of the program. The “Pegasus Project,” a joint journalistic investigation of the NSO Group and its customers, uncovered data that included 50,000 phone numbers of infected devices. The bulk of these figures came from Mexico, the Middle East, and North Africa. Still, there were also significant numbers from Europe, Afghanistan, and other places. The Indian government is accused of carrying out the assaults on the Dalai Lama’s closest circle members. Pegasus is also thought to have been used by the Saudi government to hack Jeff Bezos’ phone in 2018.
Finding out if a device has been infected by Pegasus is difficult; Amnesty International outlines the forensics used to determine if phones have been compromised by looking for traces left behind, and has released a Mobile Verification Toolkit (MVT) that advanced users can install to see if their phone has been affected. This isn’t simply a tap-and-go app; it requires some Terminal installation, which then verifies data in an iPhone backup on a computer.
While this kind of targeted assault is often reserved for high-profile people, it’s conceivable that others have been targeted as well.
In response to The Guardian, Apple said, “Apple firmly opposes cyberattacks against journalists, human rights advocates, and anyone working to make the world a better place.” Apple has been at the forefront of security innovation for more than a decade. Consequently, security experts believe that the iPhone is the safest and most secure consumer mobile device available. These attacks are highly complex, cost millions of dollars to create, have a limited shelf life, and target particular people. While this means they pose no danger to the vast majority of our users, we continue to work diligently to safeguard all of our customers’ devices and data.
Apple acknowledges that spyware such as Pegasus cannot be prevented from infecting iPhones but dismisses the danger, claiming that it is only “used to target particular people.” However, the statement continues, “we continue to strive diligently to defend all of our clients,” which seems to contradict the first part of the article since they are plainly stating that they are unable to protect everyone.
While the vulnerabilities exploited in this kind of attack “typically have a limited shelf life,” new ones are constantly found. While some “white-hat hackers” who find gaps report them to Apple, in part to take advantage of the company’s bug-bounty program, which rewards technology firms who find serious flaws, “black-hat hackers” sell exploits for millions of dollars to organizations like NSO Group or gray-market vulnerability brokers.
Because Apple doesn’t allow virus protection to operating on iOS devices, consumers have no way of knowing whether they’ve been infected by Pegasus. The only method to tell whether Pegasus spyware is installed on an iPhone is to utilize MVT, which isn’t very user-friendly. (VirusBarrier X9, the only Mac security that can inspect the contents of iPhones, may also detect other viruses on iPhones.)
Apple distributes security upgrades regularly to address vulnerabilities that it has found or been made aware of. Still, it’s a never-ending cat-and-mouse game, as each software update offers fresh opportunities for malevolent individuals to get into devices.
Pegasus spyware has infected vast numbers of phones too far, allowing it to control the phone and its contents.