Pegasus Spyware
Context:
- The digital rights group Access Now recently said that Pegasus spyware was used in Jordan to hack the cellphones of at least 30 people, including journalists, lawyers, human rights and political activists.
About Pegasus:
- It is a spyware which isdeveloped by the Israeli cyber-arms company NSO Group.
- It is designed to be covertly and remotely installed on mobile phones running both on iOS and Android.
- The Israeli company states that it provides authorized governments with technology so that it can help them combat terror and crime.
- But the governments around the world have routinely used the spyware to watch journalists, lawyers, political dissidents, and human rights activists.
- Pegasus operators were able to install the spyware on iOS versions remotely through 0.3 using a zero-click exploit.
- Pegasus is generally capable of reading text messages, call snooping, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps on the phone.
- The spyware is named after Pegasus which refers to the winged horse of Greek mythology.
About Zero Click Vulnerability or Zero click exploit:
- Zero-click attacks is more dangerous because they don’t require any interaction from the users they target, such as clicking on a link, enabling macros, or launching an executable.
- These are very much sophisticated often used in cyber espionage campaigns, and tend to leave very few traces behind.
- Once a device is compromised, an attacker can choose to install surveillance software, or they can even choose to enact a much more destructive strategy by encrypting the files and holding them for the ransom.
- Generally, a victim can’t tell when and how they’ve been infected through a zero-click attack.
- Zero-click attacks often rely on zero-days which are vulnerabilities that are unknown to the software maker.
