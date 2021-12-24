Pegasus has been, without a doubt, one of the great technological news of the year. In July we learned of the existence of this spyware developed by a private contractor to be used by government agencies. The program infects the target’s phone and sends private data, including photos, messages, and audio and video recordings.

The Pegasus developer, an Israeli company called NSO Group, which claims that the software cannot be traced even by the government that uses it, a crucial feature for clandestine operations.

NSO Group manufactures products that allow governments to spy on citizens. On its website, the company describes the role of its products as helping “government intelligence and law enforcement agencies use technology to address encryption challenges” during terrorist and criminal investigations.

Last July, it became known that the NSO Group company had developed a spy program called Pegasus. Some of the stories have been shocking, with accusations that fully updated smartphones can be hacked with a single text message, and reports that two women close to the murdered journalist Jamal Khashoggi they were among the targets of a government agency that uses the spy tool.

A coalition of the media, including The Washington Post, Le Monde and The Guardian, is behind the news that revealed this spy program and called it Project Pegasus. The project was run by Forbidden Stories, an organization of journalists that works on stories after the original reporters have been silenced in some way. Amnesty International conducted a detailed forensic analysis of 67 smartphones looking for evidence that they had been the target of the Pegasus spyware, and 37 of those phones tested positive.

Continue reading the story

Google explains how Pegasus works

All the above data was already known. At the end of 2022 there is only one mystery left to unravel. How is it possible that a program can break the security of iPhones, which are supposed to be the safest smartphones in the world? As well, the answer has not been given Manzana, otherwise Google.

A Google blog from the team of Project Zero It called the attacks technically sophisticated exploits and assessed that the software has capabilities that rival those of spyware previously thought to be accessible only by a few countries.

According to the Project Zero blog, Pegasus attacks on iPhones were made possible by the ForcedEntry exploit.

In this case, the NSO hackers took advantage of the way iMessage handled GIFs to insert a PDF file into an iPhone disguised as GIF. They then exploited a vulnerability in the compression tool used to process text in images.

ForcedEntry built a virtual computer on the iPhone to communicate with the command and control center that sent the instructions. The presence of a virtual computer made it difficult to detect attacks.

Pegasus could do all of this without the need for user input. They only needed the phone number or Apple ID to send the malicious file and lThen hack the iPhone. As soon as the iPhone received the message, the hack was activated without the user knowing of its presence on their device.

Although Apple has fixed the vulnerability and it has informed its users that they were spied on by Pegasus software, there are still companies that develop spyware to hack iOS and Android devices.

More news that may interest you:

VIDEO | These are the cities in Europe that spend the most energy putting up their Christmas lights