Pegasus spyware

  • July 19, 2021
  • Posted by: OptimizeIAS Team
  • Category: DPN Topics
No Comments

 

 

Pegasus spyware

Subject: Science and Technology

Context: One of the worrying aspects of the Pegasus spyware is how it has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks which do not require any action from the phone’s user.

Concept:

A “zero-day exploit” is a completely unknown vulnerability, about which even the software manufacturer is not aware, and there is, thus, no patch or fix available for it. In the specific cases of Apple and WhatsApp, therefore, neither company was aware of the security vulnerability, which was used to exploit the software and take over the device.)

Zero-click attacks working

  • A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error.
  • So all awareness about how to avoid a phishing attack or which links not to click are pointless if the target is the system itself.
  • Most of these attacks exploit software which receive data even before it can determine whether what is coming in is trustworthy or not, like an email client.

 Google Project Zero security researcher Ian Beer showed how attackers take complete control of an iPhone in radio proximity without any user interaction.  The exploit targeted the Apple Wireless Device Link (AWDL), that it was powerful enough to “shut off or reboot systems or to corrupt kernel memory”.

Prevention

  • Zero-click attacks are hard to detect given their nature and hence even harder to prevent. Detection becomes even harder in encrypted environments where there is no visibility on the data packets being sent or received.
  • Ensure all operating systems and software are up to date so that they would have the patches for at least vulnerabilities that have been spotted. so, it would not sideload any app and to download only via Google Play or Apple’s App Store.
  • One way to go is to stop using apps altogether and switch to the browser for checking mails or social media, even on the phone.

Pegasus

  • All spyware do what the name suggests — they spy on people through their phones.
  • Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone. (A presumably newer version of the malware does not even require a target user to click a link. More on this below.)
  • Once Pegasus is installed, the attacker has complete access to the target user’s phone. Pegasus spyware ,the most powerful spyware out there, more potent and almost impossible to detect or stop
  • The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone 6.
  • The Pegasus tool at that time exploited a software chink in Apple’s iOS to take over the device. Apple responded by pushing out an update to “patch” or fix the issue.
  • Pegasus delivers “a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission”. Pegasus spyware’s operations were live in 45 countries at the time
  • Tools such as Pegasus can be used for mass surveillance; it would seem likely that only selected individuals would be targeted.

The key features of Pegasus are:

  • Ability to access password-protected devices;
  • Being totally transparent to the target;
  • Leaving no trace on the device;
  • Consuming minimal battery, memory and data so as to not arouse suspicion in more alert users;
  • A self-destruct mechanism in case of risk of exposure; and
  • Ability to retrieve any file for deeper analysis
Pegasus spyware Science and tech