Last Updated on August 4, 2021 by Macsoftbox
Pegasus is the spyware currently making headlines around the world. Although your iPhone is most likely not among the infected phones, we think it is our obligation to give you as much information as possible so that you understand why it matters.
Although this kind of spying is obviously not legal, the Pegasus spyware created by NSO Group targets high-level politicians, government officials and journalists, and was unsuccessful more than half of the time.
For example, Amnesty International examined 67 phones and found that “23 had been successfully infected and 14 showed signs of attempted infection.” Of those phones, virtually all were iPhones, according to their research.
Of course, the fact that they are iPhones does not mean that the iPhone is less secure than Android phones; it means that the iPhone is used massively in that demographic, precisely because of its security and privacy.
Who is NSO Group?
NSO Group is an Israeli company specializing in cybersecurity.
What is Pegasus spyware?
Pegasus is software developed by NSO Group to spy on anyone with a mobile device.
How does the attack occur?
The attack exploits previously unknown vulnerabilities in commonly used applications such as iMessage and WhatsApp.
What is a zero-click attack?
A zero-click attack is one that requires no user interaction. Typically, attacks rely on an input vector in which the user has to click a link or open a file; a zero-click attack needs neither.
Why through iMessage and WhatsApp (messaging apps)?
Because they are applications that most users have installed, so they are a more accessible target, and vulnerabilities were found in them that could be exploited.
Is it a system developed to attack specific phones (persons of interest), or can it be used in a generalized way?
Yes, it could, although there is little interest in monitoring everyone; not all conversations are worth money. As we always say, information is power. Imagine listening to the calls and reading the emails and photos of a head of government or the president of an IBEX company. Such information would be worth a lot of money.
Should we worry?
You always have to worry. Security in any of its areas requires it.
Do we ordinary users have to change something?
Yes. Pay more attention to security. Every system should be updated whenever its update mechanism offers an update.
Are iOS and Android equally safe?
Faced with this type of attack, both are equally insecure.
What other attacks can occur today, and how could they affect us as Apple users?
That is not an easy question to answer, since it depends on the version of the installed operating system, the installed app versions, and so on. There are countless attacks, not only unknown ones but also already known ones, which is why we ask that all systems and applications be kept updated to reduce the risk. Zero risk of an incident does not exist, but we can try to approach it.
Amnesty International has created the Mobile Verification Toolkit (MVT), which will detect whether your phone has Pegasus spyware installed. The tool is run from the Terminal on macOS and analyses the latest backup of the iPhone. If you are going to use it, we recommend that you make an encrypted backup of the iPhone, because encryption allows many more files to be included in the backup, so the analysis will be more complete.
To use it, you have to install Python 3 and libusb using Homebrew.
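Before running MVT it helps to know which backup it will pick up and whether that backup is the encrypted kind the post recommends. The script below is an added example for this post, not code from Amnesty's Mobile Verification Toolkit. It assumes the standard Finder/iTunes layout on macOS (one directory per device under ~/Library/Application Support/MobileSync/Backup) and that each backup's Manifest.plist carries the IsEncrypted, Date and Lockdown keys; it lists the backups, flags unencrypted or incomplete ones, and picks the newest.

```python
"""List local iOS backups, flag unencrypted/incomplete ones and pick the newest.
Added example, not part of MVT. Assumes the standard Finder/iTunes backup layout
and the Manifest.plist keys IsEncrypted, Date and Lockdown."""
import plistlib
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path
from typing import List, Optional

# Default Finder/iTunes backup location on macOS (assumed standard layout).
DEFAULT_BACKUP_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


@dataclass
class BackupInfo:
    path: Path
    encrypted: bool           # IsEncrypted from Manifest.plist
    date: Optional[datetime]  # Date from Manifest.plist (naive, as plistlib loads it)
    device_name: str
    ios_version: str
    complete: bool            # Manifest.db and Status.plist present next to Manifest.plist


def inspect_backup(backup_dir: Path) -> Optional[BackupInfo]:
    """Parse one backup directory's Manifest.plist; return None if it is not a backup."""
    manifest = backup_dir / "Manifest.plist"
    if not manifest.is_file():
        return None
    with manifest.open("rb") as fh:
        data = plistlib.load(fh)
    lockdown = data.get("Lockdown", {})
    date = data.get("Date")
    return BackupInfo(
        path=backup_dir,
        encrypted=bool(data.get("IsEncrypted", False)),
        date=date if isinstance(date, datetime) else None,
        device_name=str(lockdown.get("DeviceName", "unknown device")),
        ios_version=str(lockdown.get("ProductVersion", "unknown version")),
        complete=(backup_dir / "Manifest.db").is_file()
        and (backup_dir / "Status.plist").is_file(),
    )


def find_backups(root: Path = DEFAULT_BACKUP_ROOT) -> List[BackupInfo]:
    """Every subdirectory of root that looks like an iOS backup, in name order."""
    if not root.is_dir():
        return []
    found = (inspect_backup(p) for p in sorted(root.iterdir()) if p.is_dir())
    return [b for b in found if b is not None]


def latest_backup(backups: List[BackupInfo]) -> Optional[BackupInfo]:
    """The most recent backup, i.e. the one the post says MVT analyses; undated ones sort last."""
    if not backups:
        return None
    return max(backups, key=lambda b: b.date or datetime.min)


def readiness_report(backups: List[BackupInfo]) -> List[str]:
    """One human-readable line per backup, flagging unencrypted or incomplete ones."""
    lines = []
    for b in backups:
        status = "encrypted" if b.encrypted else "NOT encrypted (fewer files will be analysed)"
        if not b.complete:
            status += ", incomplete (Manifest.db or Status.plist missing)"
        when = b.date.isoformat() if b.date else "unknown date"
        lines.append(f"{b.path.name}: {b.device_name}, iOS {b.ios_version}, {when}, {status}")
    return lines


if __name__ == "__main__":
    backups = find_backups()
    for line in readiness_report(backups):
        print(line)
    newest = latest_backup(backups)
    if newest is None:
        print("No backups found under", DEFAULT_BACKUP_ROOT)
    elif not newest.encrypted:
        print("Newest backup is unencrypted: make an encrypted backup before running MVT.")
    else:
        print("Newest backup ready for MVT:", newest.path)
```

Once the newest backup is encrypted and complete, MVT's own `mvt-ios decrypt-backup` and `mvt-ios check-backup` commands take over (see the MVT documentation for their options); this script only tells you which directory to point them at and whether it is worth running them yet.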
As you may have heard, @amnesty has released mat-detect, an amazing tool for detecting whether your device has evidence that it may have been touched by the Pegasus spyware. In this thread I am going to tell you about my experience and lessons using this tool on iOS. (1/13) pic.twitter.com/pJRTv4FVPf
— Ray [REDACTED] (@RayRedacted) July 21, 2021
After Pegasus comes Sourgum:
The new spyware is called Sourgum, which has already been detected on computers in Spain and can affect smartphones.
Microsoft has explained in its cybersecurity blog that malware called “Sourgum” has been used to spy on more than 100 people. Among them are politicians, activists, journalists, academics, embassy workers and political dissidents.
This malicious code was created by Candiru, an Israeli company specializing in selling software to governments, and it attacks the Windows operating system. According to Microsoft, the malware has been used in Spain, specifically in Catalonia, as well as in other countries.