Pegasus spyware cracks Apple iOS security like no other malware

Apple once claimed the non-existence of spyware and malware available to hack their products. While it still prides itself on the security of its desktop and mobile operating systems, there’s one piece of spyware that not only got through its barriers and blocks but is practically undetectable.

Pegasus was created specifically to work its way inside the seemingly impenetrable iPhone. It was built to monitor and download each user’s text messages and browser history, listen to calls and conversations, access images, track keystrokes, and gain access to almost everything there is on each target device it infects.

Even more worrying, this incredibly sophisticated hack will self-destruct on detection or if it has lain dormant for too long, making it even harder to trace and detect.

Who are the NSO Group, and are they behind the Pegasus software?

Pegasus was first uncovered when Ahmed Mansoor, a UAE human rights activist, spotted a few SMS text messages with dubious-looking links. He forwarded each suspect text message link to security experts, Citizen Lab, who collaborated with Lookout, another cybersecurity firm, to look into what they were designed to achieve.

Citizen Lab found Pegasus—a spyware installation that would jailbreak an iPhone and install itself with very little problem. It was one of the most sophisticated spyware attacks either company had ever seen.

Pegasus was traced to the NSO Group, an Israeli spyware development company.

The NSO Group creates software, security and surveillance systems for law enforcement agencies and government intelligence to detect threats in accordance with their operations. However, with the software in circulation amongst less reputable operators, its use was detected in up to 40 different countries on the phones of activists, human rights defenders, lawyers and journalists. When WhatsApp detected the malware on their system, they suggested that it had infected around 1,400 devices.

Looking at the commercial application, this type of surveillance software is typically used as a targeted infection, often aimed at eavesdropping on a specific individual so that investigating government agencies can uncover information about criminal activity. Yet, in less official hands, the system appears to have accessed information based around several human rights issues and their associated arenas. A similar type of surveillance software/spyware to Pegasus, called FinFisher but also known as FinSpy, was uncovered by the security specialists at Amnesty International. Once again, this shows that, recently, human rights activists have been some of the most regularly monitored using such sophisticated malware options.

How does Pegasus malware work?

As such an advanced piece of surveillance technology, Pegasus has proven to be incredibly efficient. Once it scans the target device, it installs modules to read emails, messages, listen to calls, capture screenshots, monitor browser histories, contacts, and more. It records keystroke logs, accesses passwords, utilises your phone’s microphone and camera, and even deciphers your encrypted messaging services.

Although it isn’t guaranteed to crack all of your app store apps, it’s safe to say it can access the most personal and private data you hold in your phone, even the conversations and views your microphone and camera are close enough to pick up.

It would appear nothing is off-bounds to Pegasus, and that’s why its applications are so dangerous.

Can Pegasus be detected?

When it comes to staying undetected, Pegasus hides intelligently using built-in self-destruct capabilities. If the Pegasus malware isn’t in contact with its command-and-control centre for over 60 days, it self-destructs, removing all traces as it does. Also, if it detects that it was installed on the wrong device or SIM card, once again, it will self-destruct, leaving no trace of itself behind.

What data and personal information does Pegasus detect and monitor?

  • Records conversations, audio streams, and images using the phone’s microphone and camera
  • Tracks GPS location at all times
  • Logs keystrokes
  • Logs text messages, SMS messages, and emails
  • Records phone calls
  • Records personal data, including passwords and contacts
  • Cracks many encryption services and two-factor authentication
  • Recent versions have even shown to crack cloud-based accounts connected to the phone

How is Pegasus spyware installed?

The difference between Pegasus and many of the other spyware and malware threats was the ease with which it could infiltrate each mobile phone.

All it required was for the hacker to make a WhatsApp voice call to the recipient phone, and that was enough to access the operating system and launch the code. You didn’t even have to answer the call. Typical, traditional methods of clicking a link to a particular URL could also load the spyware to each mobile, but the simplicity of making a WhatsApp call to the targeted mobile device was something nobody had seen before.

Fortunately, since the initial attacks, WhatsApp and Apple have sealed the holes in each of their systems, providing updates to keep Pegasus at bay and personal data loss to a minimum, for the time being at least. However, it may only be a matter of time until its creators find another way through both iOS and Android barriers to put their spyware in place.

How Pegasus infects iOS iPhone users

On iOS, the NSO Group found three zero day vulnerabilities (a zero day is the first day a new version of the software is released, one with a vulnerability that hackers can exploit) which allowed them into the once incredibly secure system.

Previously, only jailbroken iPhones offered this kind of entry, but Pegasus was so sophisticated it would access each phone and jailbreak the device itself, all without the user knowing it was happening.

For similar spyware, for iPhones that weren’t jailbroken, a hacker would need physical access to the device or deliver some kind of social engineering to introduce the malware. Pegasus proved to be a whole load smarter than anything orchestrated by its predecessors.

How Pegasus infects Android users

Having cracked the almost impenetrable iPhone, NSO Group moved on to Android mobile devices. With practically the same structure and access of Pegasus, NSO Group developed a new version that found its way through the Google Android architecture via a more established method of rooting called framaroot.

Despite access coming through a different means, the end result was the same. Google termed the Android version of Pegasus Chrysaor and set up security update patches to prevent further versions of this spyware from breaking into its phones and block unwanted access.

How do you know if you are infected by Pegasus?

Chances are, you don’t. There are no visible signs of a Pegasus infection; the only real way to know it was on your iPhone was if you received a warning message from WhatsApp when the first major attack occurred. The messaging giant alerted all users whose mobile devices showed the spyware, urging them to update to the latest version, one that had fixes in place to keep their users safe.

Citizen Lab, one of the cybersecurity specialists involved with tracking and revealing Pegasus-infected devices, also sent a bevy of messages to affected users.

Stay safe—prevention is key to keeping your data under wraps

With WhatsApp, Android and iOS releasing regular security updates, keeping your operating system up-to-date with the latest version and each new security patch should help keep malicious malware at bay. It’s not only Pegasus that can break through your defences; there are hundreds of malware threats to guard against.

The technology behind malware is developing faster than ever. Spyware developers need to find new ways into our mobile devices to access the data they want to trace. Without them, they don’t have a product they can sell to their clients.

Keeping your operating system up-to-date is only one way to protect your phone or mobile device. Installing trusted malware and spyware-detecting software to protect yourself is another. It’s a small commitment for a great deal of added peace of mind.

And finally, stay vigilant! If you spot anything that doesn’t look at all reputable—emails, texts, or messages that contain links you don’t understand or remember asking for—delete them straight away. Then, run a scan for malware and spyware to ensure your mobile is still secure and uninfected.

Thank you and as always, let me know if you have any questions or need any help

Max Roberts