Journalists, activists and politicians are reportedly among the targets of a wave of espionage promoted by authoritarian governments. There are indications that this work has been carried out using Pegasus, spyware that targets Android and iOS devices. An investigation shows that, on iPhones, the spyware exploits flaws in tools such as iMessage, Apple Music and Photos.
What is Pegasus?
NSO Group is an Israeli company that develops tools for spying on or hacking systems that, in theory, help governments and security forces fight terrorism or other criminal practices. The organization's flagship product is the Pegasus spyware.
The tool is known to be capable of infecting Android and iOS devices and, from there, performing a series of actions, such as copying received messages, recording geographic location history, recording calls, and activating microphones and cameras, among others, all without the user noticing.
Espionage of journalists and activists
Pegasus is not new software. However, the spyware made the news last weekend after an allegation made by a press consortium in conjunction with Amnesty International and the NGO Forbidden Stories.
According to the investigation, Pegasus has been used illegally by certain governments to monitor journalists, human rights activists, trade unionists, politicians, authorities and other personalities.
It is estimated that more than 50,000 phone numbers are being spied on. Although the investigation did not find names directly linked to these numbers, some media outlets identified the owners of more than a thousand lines.
Among them are more than 600 politicians or authorities, around 200 journalists and at least 85 human rights activists. Most of the numbers are based in countries that already have a history of spying on citizens, such as Saudi Arabia, Azerbaijan, Kazakhstan, India, Morocco and Mexico.
Transparency International warns that the Bolsonaro government is also contracting software for spying through a bidding process promoted by the Ministry of Justice. Also according to the entity, NSO Group was due to participate in the bidding session, but withdrew its proposal after the revelations.
How is the iPhone spied on?
Investigations indicate that spying actions have been taking place at least since 2014. But how has the iPhone been affected over these years? The infection mechanisms have not been fully elucidated, but it seems that Pegasus exploits flaws in several iOS apps, mainly zero-day vulnerabilities (flaws not yet fixed).
One infection method involves redirecting Safari from a legitimate website to another one with malicious scripts. Amnesty International suspects that apps such as Apple Music, Photos and FaceTime have also been exploited for this purpose.
But iMessage seems to be the main infection vector. An analysis of 23 Pegasus-infected iPhones shows that in 13 of them the messaging service was used in the process.
A few factors may explain the preference for iMessage. One is the fact that major vulnerabilities have been discovered in the tool since 2019. Another is that the service gains functionality over time, and any new feature can bring security holes.
In addition, iMessage allows the user to receive messages from strangers without prior approval, a feature that can be exploited to send malicious links.
There is one more aggravating factor: apparently, attacks via iMessage are of the “zero-click” type, that is, the spyware does not depend on human interaction to infect the iPhone.
It might be assumed that old or outdated iPhones make the attacks easier, but there are records of actions against devices running the current iOS 14.6. Units with iOS 14.3 and 14.4 were also attacked.
It’s still unclear whether iOS 14.7 (to be released this week) and the upcoming iOS 15 will be able to mitigate the flaws that allow Pegasus to take action.
When contacted, Apple condemned the attacks and highlighted that these actions are highly sophisticated and have specific targets, and therefore pose no risk to the vast majority of users.
With information from The Washington Post.