In News
- A new zero-day, zero-click exploit called ‘FORCEDENTRY’ has been discovered in Apple’s iMessage service.
- It was allegedly used by Israel’s NSO Group to install Pegasus spyware in devices including the iPhone, iPad, MacBook and Apple Watch.
About
- The exploit was discovered by researchers at Toronto-based Citizen Lab, who have been investigating the extent to which Pegasus is being used to spy on civilians, politicians, judges, activists, etc.
- The Citizen Lab has advised everyone to update the operating systems on their Apple devices as the exploits can potentially affect their smartphones.
What are zero-day, zero-click hacks?
- These are essentially hacks that occur without any action by the victim (zero-click), using a loophole or a bug in particular software whose existence its developer is unaware of (zero-day).
- The same kind of exploit was earlier used to install Pegasus through WhatsApp and iMessage.
- Zero-day attacks were a quantum leap in the world of cyber warfare; before them, spyware such as Pegasus was deployed using attack vectors such as malicious links in an e-mail or an SMS that were smartly crafted to trick the recipient.
About Spyware Pegasus
- Pegasus is spyware that can be installed on devices running some versions of iOS, Apple’s mobile operating system, as well as on devices running Android.
- It was developed by the Israeli cyber arms firm NSO Group.
- Functioning: It mainly relies on exploit links. Clicking on such a link automatically installs Pegasus on the user’s phone. The links are delivered using social engineering.
- In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
- This differs from social engineering within the social sciences, which does not concern the divulging of confidential information.
- In July, Indian news portal The Wire reported that a leaked global database of 50,000 telephone numbers believed to have been listed by multiple government clients of NSO Group includes over 300 verified Indian mobile telephone numbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others.
Challenges with Pegasus
- Unlimited access to the target’s mobile devices: It collects information remotely and covertly about the target’s relationships, location, phone calls, plans, and activities whenever and wherever they are. It tracks targets and gets accurate positioning information using GPS.
- It also gives the attacker control of the phone’s camera and microphone and enables the GPS function to track a target.
- Intelligence gaps: Collects unique and new types of information (e.g., contacts, files, environmental wiretap, passwords, etc.) to deliver the most accurate and complete intelligence.
- Intercepting calls: It transparently monitors voice and VoIP calls in real-time.
- Decoding encrypted content: It overcomes encryption, SSL, proprietary protocols and any hurdle introduced by the complex communications world.
- Application monitoring: Monitors a multitude of applications including Skype, WhatsApp, Viber, Facebook and Blackberry Messenger (BBM).
- Bypassing Service provider: No cooperation with local Mobile Network Operators (MNO) is needed to attack.
- It constantly monitors the device without worrying about frequent switching of virtual identities and replacement of SIM cards.
- Avoids unnecessary risks: The spyware eliminates the need for physical proximity to the target or device at any phase.
- Terrorist activities: Terrorists and other anti-social elements have started using cyberspace more, which provides them with more getaways.
- Digital Attacks: Pegasus had been used in some of the “most insidious digital attacks” on human rights activists in the world.
Methods to Secure Devices from Pegasus
- Regular Updates: Always update the operating system to the latest version. Apple and Google regularly release updates which include security patches for vulnerabilities and malware.
- Both Apple and Google have released fixes for Pegasus.
- Remain Careful & Vigilant: Pegasus spyware (as well as all sorts of other malware) infiltrates phones by way of the phone user clicking a link in a text message, email, Twitter post, or any other means.
- When receiving any message with a link, make sure you are familiar with the person sending it, and actually verify that the message and the link are coming from the authorized person.
- Secure Communications: It is critical to maintain secure communications, including calls and messages, that are not vulnerable to Pegasus and other malware.
- Secure calls and messages will ensure secure communication even when spyware infiltrates phones and one is “under mobile surveillance.”
- Online database: It was launched by Forensic Architecture, Amnesty International and the Citizen Lab to document attacks against human rights defenders.
- It showed the connections between the ‘digital violence’ of Pegasus spyware and the real-world harms lawyers, activists, and other civil society figures face.
Reasons for increasing Cyber Attacks in India
India’s Preparedness to Ensure Cybersecurity
What more needs to be done in this context?
Source: IE