Monday, Jul 19, 2021, 16:59 iOS: Software

Trojan Virus "Pegasus": Arrives On iPhone Per Zero Click & iMessage Flaw – iOS 14.6 Also Affected

It was already known by the end of 2020 that countless journalists had been spied upon by various governments with a sniffing software. The software, developed by the Israeli company "NSO Group" and sold only to various international governments, takes advantage of a "zero-day hole" in iMessage. iPhones with iOS 13.5.1 or later were affected, although Apple fixed the issue with iOS 14. There is currently no list of governments that use the software, although it is suspected that any such list contain mostly authoritarian governments. NSO Group has "protected the rights" of its customers by refusing to announce which states use its software.

Up To 50,000 Possible Victims
In cooperation with Amnesty International, an international research network recently found out that such attacks are still possible – despite the fact that the issue was considered fixed with the advent of iOS 14. This means that the number of users affected by attacks from (mostly) authoritarian countries is likely far greater than previously known. At the end of last year, it was known that up to 37 journalists had been spied upon, however, this most recent information indicates that the number is likely much closer to 50,000. Mostly human rights activists and media workers are expected to have been affected. A list of all compromised cellphone numbers is available from Amnesty International Security Lab (AISL) and the Paris-based organization Forbidden Stories.



Installation Without Action On The Part Of The User
The current version of Pegasus is capable of nesting itself in smartphones without any action on the part of the user. State attackers use a silent SMS or a man-in-the-middle-attack with the help of IMSI catchers. Thanks to a zero-day hole in iMessage for iOS 14.6 – the spyware can be installed on iPhones. Other weaknesses, for example in the Music app, can also be exploited. Earlier versions of the trojan were slightly less dangerous, as they required some input from the user to infect a device – for example interaction with a URL from a suspicious SMS or email in order to start the installation process. The newest version of "Pegasus" is thus much more dangerous than its predecessors.

"Pegasus" Gains Access To All Data
After having made its way onto an iPhone, Pegasus is able to read all data on the device and forward it to the state attackers. To accomplish this, the software uses several special spoofing mechanisms in order to compromise numerous system functions in iOS. A list of the libraries used has been published in an ASL analysis of the trojan. "Pegasus" is also able to record phone conversations or WhatsApp/Telegram chats. The trojan can even gain unrestricted access to iCloud information, as this can be attacked directly from the user's phone.

More articles you might enjoy to read: