What is Pegasus spyware and how does it hack phones?

bnew

Veteran
Joined
Nov 1, 2015
Messages
54,958
Reputation
8,185
Daps
155,433
What is Pegasus spyware and how does it hack phones?

David Pegg and Sam Cutler
Sun 18 Jul 2021 12.00 EDT

5000.jpg

Pegasus can infect a phone through ‘zero-click’ attacks, which do not require any interaction from the phone’s owner to succeed. Composite: AFP via Getty
NSO Group software can record your calls, copy your messages and secretly film you



It is the name for perhaps the most powerful piece of spyware ever developed – certainly by a private company. Once it has wormed its way on to your phone, without you noticing, it can turn it into a 24-hour surveillance device. It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone’s camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you’ve been, and who you’ve met.

Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group. It has the capability to infect billions of phones running either iOS or Android operating systems.



The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.


Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed. These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.

In 2019 WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. Simply by placing a WhatsApp call to a target device, malicious Pegasus code could be installed on the phone, even if the target never answered the call. More recently NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones. Apple says it is continually updating its software to prevent such attacks.

Technical understanding of Pegasus, and how to find the evidential breadcrumbs it leaves on a phone after a successful infection, has been improved by research conducted by Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab.

“Things are becoming a lot more complicated for the targets to notice,” said Guarnieri, who explained that NSO clients had largely abandoned suspicious SMS messages for more subtle zero-click attacks.


Pegasus: the spyware technology that threatens democracy – video
For companies such as NSO, exploiting software that is either installed on devices by default, such as iMessage, or is very widely used, such as WhatsApp, is especially attractive, because it dramatically increases the number of mobile phones Pegasus can successfully attack.

As the technical partner of the Pegasus project, an international consortium of media organisations including the Guardian, Amnesty’s lab has discovered traces of successful attacks by Pegasus customers on iPhones running up-to-date versions of Apple’s iOS. The attacks were carried out as recently as July 2021.

Forensic analysis of the phones of victims has also identified evidence suggesting NSO’s constant search for weaknesses may have expanded to other commonplace apps. In some of the cases analysed by Guarnieri and his team, peculiar network traffic relating to Apple’s Photos and Music apps can be seen at the times of the infections, suggesting NSO may have begun leveraging new vulnerabilities.

Where neither spear-phishing nor zero-click attacks succeed, Pegasus can also be installed over a wireless transceiver located near a target, or, according to an NSO brochure, simply manually installed if an agent can steal the target’s phone.

Once installed on a phone, Pegasus can harvest more or less any information or extract any file. SMS messages, address books, call history, calendars, emails and internet browsing histories can all be exfiltrated.

How Pegasus infiltrates a phone and what it can do

rAd5e6Z.png


“When an iPhone is compromised, it’s done in such a way that allows the attacker to obtain so-called root privileges, or administrative privileges, on the device,” said Guarnieri. “Pegasus can do more than what the owner of the device can do.”

Lawyers for NSO claimed that Amnesty International’s technical report was conjecture, describing it as “a compilation of speculative and baseless assumptions”. However, they did not dispute any of its specific findings or conclusions.

NSO has invested substantial effort in making its software difficult to detect and Pegasus infections are now very hard to identify. Security researchers suspect more recent versions of Pegasus only ever inhabit the phone’s temporary memory, rather than its hard drive, meaning that once the phone is powered down virtually all trace of the software vanishes.

One of the most significant challenges that Pegasus presents to journalists and human rights defenders is the fact that the software exploits undiscovered vulnerabilities, meaning even the most security-conscious mobile phone user cannot prevent an attack.

“This is a question that gets asked to me pretty much every time we do forensics with somebody: ‘What can I do to stop this happening again?’” said Guarnieri. “The real honest answer is nothing.”
 

Sukairain

Shahenshah
Joined
Dec 20, 2015
Messages
4,770
Reputation
2,273
Daps
17,378
Reppin
Straiya
I suppose you need to get two phones. One for doing the dirt, one for normal usage. Make the first a burner so they don't get your subscriber information to track you down and install the spyware. And don't give that number out either, only outgoing calls and texts. Change it frequently as well.

They can't obtain your number unless it is publicly available through records, or unless you give it out to people.

Alternatively use one phone like normal, but make all your sensitive discussions face to face, no phones anywhere near the discussion. We need to take our technology use backwards if we want security. Use carrier pigeons and shyt :pachaha:
 

Rice N Beans

Junior Hayley Stan
Supporter
Joined
May 5, 2012
Messages
10,696
Reputation
1,427
Daps
22,161
Reppin
Chicago, IL
Pegasus brings closer to the stage an annoying issue when it comes to software and security. Law enforcement groups and agencies will hold on to exploits for this kind of use and never report it back.
 

88m3

Fast Money & Foreign Objects
Joined
May 21, 2012
Messages
87,926
Reputation
3,596
Daps
156,483
Reppin
Brooklyn
hopefully this is a wake up call for Western Governments and Companies that they will finally act on
 

Geek Nasty

Brain Knowledgeably Whizzy
Supporter
Joined
Jan 30, 2015
Messages
30,010
Reputation
4,410
Daps
113,242
Reppin
South Kakalaka
The real question is why call it Pegasus, the offspring of Medusa?


Israel is evil. Plain and simple.

Watch the documentary Zero Day if you ever see it on. Israelis were responsible for the Stuxnet virus leaking, we gave it to them to keep Iran's nuke program suppressed. They ignored an explicit order not to fukk with the code, but did it anyway and the virus went nuts and escaped Iranian computers. Taht's the whole reason Biden hates Israel's guts; he was in charge of that operation gave his word to Obama that there wouldn't be any issues and the Israelis fukked him.

I guarantee you this is an US or NSA app the Israelis just decided to repurpose for themselves. They just say "fukk you" to the US and assume their pro-Israeli allies here will continue to give them cover to operate like unaccountable a$$holes.
 

levitate

I love you, you know.
Joined
Sep 3, 2015
Messages
38,905
Reputation
5,702
Daps
147,539
Reppin
The Multiverse
Could you simply design an app that monitors how much data is being transmitted outward, and what apps that data is associated with. Then if there is data “leaking” from an unknown source (not associated with any legitimate app or system process), throw a red flag indicating that you may have malware?
 

bnew

Veteran
Joined
Nov 1, 2015
Messages
54,958
Reputation
8,185
Daps
155,433
Could you simply design an app that monitors how much data is being transmitted outward, and what apps that data is associated with. Then if there is data “leaking” from an unknown source (not associated with any legitimate app or system process), throw a red flag indicating that you may have malware?

like a firewall? :leostare:
 

Geek Nasty

Brain Knowledgeably Whizzy
Supporter
Joined
Jan 30, 2015
Messages
30,010
Reputation
4,410
Daps
113,242
Reppin
South Kakalaka
shyt, I don’t know?
:hubie:
That’s what a firewall is but I’d also like to see hardwired things like indicator lights when camera and mics are activated. Unhackable circuits. Problem with firewalls is the hacker can play games and piggyback or tunnel traffic to make it look legit.

honestly I bet you these are government mandated backdoors that got leaked
 

bnew

Veteran
Joined
Nov 1, 2015
Messages
54,958
Reputation
8,185
Daps
155,433

for anyone using windows.

Install Python 3 and Pip on Windows 10 - TerryL

Then you can install MVT directly from pypi

Code:
pip install mvt
or
pip3 install mvt

You now should have the mvt-ios and mvt-android utilities installed.

edit: didn't work for me. :francis:

Code:
mvt-android check-adb
07:22:31 INFO     [mvt.android.cli] Checking Android through adb bridge
         INFO     [mvt.android.modules.adb.chrome_history] Running module ChromeHistory...
         CRITICAL [mvt.android.modules.adb.base] LIBUSB_ERROR_NOT_SUPPORTED [-12]
 
Top