cube
pegasus.jpeg
over

Blogs
From Technology

Project Pegasus & Zero Click Exploits

Pegasus is a spyware flagship product developed by the Israeli cyber arms firm NSO Group. The spyware is capable of infecting the latest patched IOS and Android devices. Pegasus is basically a remote access tool with spyware capabilities, it has to be preinstalled on a target device and by exploiting zero-day vulnerabilities in web and apps. Once the spyware is in place It has access to the infected device’s GPS location, track its movement, access data, contact lists, camera, and microphones, take screenshots, and even perform keylogging.

The spyware has built-in self-destruct capabilities. If Pegasus fails to connect to its command centre and control server for more than 60 days or if it is installed on the wrong device, sim card, it will self-destruct and remove all traces. Pegasus compromises a device in such a way that it allows the attacker to obtain administrative privileges on the device and that allows virtually anything to be done on the infected device.

Governments around the world are desperate for what pegasus has to offer. With Pegasus, they will have unfettered access to all target user's communication, live locations, and movements.  The NSO Group has sold its technology to several governments and the Pegasus project indicates that governments from India to Azerbaijan and Rwanda to Mexico have successfully used NSO’s spyware.

Over the years Pegasus has grown from a relatively crude system that relied solely on social engineering to a piece of software that can compromise a device and even without any user intervention.

Zero Click Exploits

Before the inception of the zero-click hack, Pegasus relied on spear-phishing and active target participation. The source would send a malicious link to the target’s device. If the target clicked a malicious link a page would open on their web browser and download,  execute the malware thus infecting the device.

Various Social engineering techniques and phishing tactics helped increase the chance of a click. The operators would send a spam message just to frustrate the target, then send another mail telling them to click on the link to stop receiving the spam. Other techniques include manipulating targets into clicking messages designed to appeal to their fears or interests.

But eventually, the public became more aware of these tactics and were able to spot these malicious spam, and thus something more subtle was required.

The zero-click exploit was engineered as a workaround for this problem. These exploits are hard to detect as they are linked directly to the OS. These

vulnerabilities do not require any interventions from the target user for Pegasus to compromise the target device. The zero-click exploit relies on the bugs in popular apps like iMessage, Whatsapp, Facebook, and Signals.

How It Works

Recent reports from Amnesty International and Citizen labs on following an alleged attack and data leak of 50,000 potential targets of NGOs Pegasus spy tool. They explained that traces of so-called ‘Zero Click Exploit’ and numerous vulnerabilities were seen on the fully patched iPhone 12 pro max and running the 14.6 updates in July 2021. They further explained that in some cases the iOS will automatically run data within iMessage and attachments. Even when these are from strangers which puts the users at risk.

Zero-Day Exploits

Zero-Day Exploits are security vulnerabilities that the hacker or malware source can use to attack a system. The term “Zero Day” refers to the fact that the device of software vendors has only just learned of the flaw or is yet to provide a patch for the vulnerability which means they have zero days to fix it.

A zero-day exploit can occur when the hacker or the malware uses this flaw as access to infiltrate and infect the system before the developers have a chance to patch the bug. While the vulnerabilities are still open, attackers can write a code to take advantage of it. This is known as exploit code.

The exploit code may lead to backdoors being created, data leaks, and further spyware compromising the device. When such vulnerabilities arise and become known, the developers will try and patch them to stop the issue from being exploited. But security vulnerabilities are not discovered straight away. It can sometimes take days or even months before they are identified and patched.

In recent years hackers have been faster at exploiting vulnerabilities soon after discovery. Exploits are sold on the dark web for large sums of money. Once the vulnerabilities are patched it’s no longer a zero-day threat.

Zero-day attacks are very dangerous as they are identified and exploited by attackers themselves. Once they have infected a network or a device they 

Can carry out the attack immediately or wait for the most suitable time to execute the attack.

The Pegasus Project

A consortium of 6  international media outlets has revealed that “Over 50,000 devices across the world are believed to be targeted and hacked through the use of a spyware called Pegasus”. The report was first published by The Wire and 16 other international publications, which includes the Washington Post, The Guardian, and Le Monde, who are media partners to an investigation conducted by a Paris based non-profit organization Forbidden Stories and rights group Amnesty International into a leaked list of more than 50,000 phone number from across the world that are believed to have been the target of surveillance through Pegasus spyware. From the leaked list more than 1000 individuals in 50 countries were identified as targets allegedly selected by the NSO clients for potential surveillance.      

Are You Vulnerable?

The pegasus exploit has triggered a global panic among several vendors and developers of these exploited vulnerabilities. Apple has immediately issued a Security patch that addresses all 3 major aforementioned vulnerabilities. Google has notified its users who have been affected by the spyware and they are in the process of issuing the patch. As if right now your device could be open to attaching or already might be infected. 

upgradehero
Blog written by

Similar Blogs

Ready to get started?

Get in touch with your brand expert.