NSO's Pegasus

in #security, 6 years ago

Pegasus is spyware developed by the Israeli security company NSO. It was discovered in 2016 thanks to Ahmed Mansoor, a UAE human rights activist who happened to be one of its targets. It was a spear-phishing attack: he received several SMS messages that contained what he thought were malicious links, so he sent those messages to security experts at Citizen Lab, who brought another cybersecurity firm, Lookout, into the investigation.

Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, and gathering information from apps. It makes use of the following security vulnerabilities:

  • CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker, allowing him to calculate the kernel’s location in memory.

  • CVE-2016-4656: Kernel memory corruption leads to jailbreak – 32- and 64-bit iOS kernel-level vulnerabilities that allow the attacker to secretly jailbreak the device and install surveillance software.

  • CVE-2016-4657: Memory corruption in WebKit – A vulnerability in Safari's WebKit that allows the attacker to compromise the device when the user clicks on a link.

The company that created the spyware, NSO Group, stated that they provide "authorized governments with technology that helps them combat terror and crime".

At a Security Summit by Kaspersky Labs in March 2017, Lookout researchers gave a talk on Pegasus for Android, also known as Chrysaor, which is what Google calls it. The Android version is very similar to its iOS sister in terms of its capabilities, but different in terms of the techniques it uses to penetrate the device.

Only a few dozen devices have been discovered infected by Pegasus, and only high-profile people have been targeted. The greatest number of Pegasus for Android installations was observed in Israel, with Georgia in second place and Mexico third.

You are probably safe, but…

When news of the iOS version of Pegasus got out, Apple was quick to react. The company issued an iOS security update (9.3.5) that patched all three of the aforementioned vulnerabilities.
However, that doesn’t mean that there is no other, as yet unknown spyware around for both iOS and Android. One should therefore take security seriously and:

  • Update your devices on time, without fail, and pay special attention to security updates.
  • Install a good security solution on your devices.
  • And don't fall for phishing, as the case of Ahmed Mansoor shows.

@elliotyagami, I gave you a vote!
If you follow me, I will also follow you in return!