Pegasus is powerful spyware developed by NSO, an Israeli company, that can access all information and data on infected devices. It can hack devices through zero-click exploits without any interaction from the user. Researcher Claudio Guarnieri studied Pegasus' technical capabilities and found it can install through nearby wireless devices or on stolen phones. Once installed, Pegasus gives full access to the attacker, even beyond what the user themselves has. NSO claims their software is only for law enforcement but it is very powerful and nearly undetectable on devices.
1. XCS100 Introduction To Web Security
Answer:
Security Hacking And Data Breach
July 2021 by David Peg and Sam Cutler. The article, titled “What is Pegasus spyware and
how does it hack phones?”, gives insights about Pegasus- the powerful spyware developed
by NSO, which is a private company that develops technologies for law-enforcement
agencies and licensed government intelligence (Pegg & Cutler, 2021). As stated in the
article, the spyware, once it is able to capture a device, is capable of accessing possibly
everything from the user’s location to its most personal information stored in the device. It
is even capable of listening to the user’s conversation by having an access to the
microphone of the device. This software, created by the Israeli company NSO, can infect
billions of smart devices with android operating systems or even iOS. With spear-phishing
being the technique opted by first version of Pegasus it has now advanced in its capabilities
to attack a device by infecting them through “zero-click” attacks which are carried out by
exploiting “zero-day” vulnerabilities, that are flaws in an Operating System not yet
discovered by the manufacturers. Recently, the same software is said to be in use to get into
iPhones through iMessage. Similarly, WhatsApp revealed, in 2019, that the Israel based
company was involved in the attack of 1,400 phones made through WhatsApp calls that
were not even received (Pegg & Cutler, 2021).
Claudio Guarnieri, who runs a security lab in Berlin, through his research, has contributed
in the advancement in the understanding of the technicalities of Pegasus. As the software
aims at reaching the maximum number of devices possible, it traps the apps used by most
users like WhatsApp or a default software in the device, the technique of which is also
explained by Guarnieri that have attracted maximum number of NSO’s customers, to shift
from “spear-phishing” to “zero-click” attacks. Along with his team he has also found out that
Pegasus is hazardous to the extent that it can also be installed in the target’s phone through
a nearby wireless transceiver and not only this but it can easily be installed in the device if it
is stolen by an agent. In July 2021, it was found that Pegasus was able to successfully attack
up-to-date versions of iOS (Pegg & Cutler, 2021). Claudio Guarineri have stated that when
the security of an iPhone is breached, it gives access to the attacker to an extent that has not
even been reached by the user. Although, to this report, which was released by Amnesty
International, NSO’s lawyers responded that it was baseless. However, they did not disagree
2. with any findings stated in the report. Recently, NSO has since invested substantially in
making its software powerful and undetectable. Pegasus is proving itself as a powerful
spyware even to those strictly concerned with the security of their devices and as Guaenieri
states, there is nothing that can be done to stop Pegasus from getting into the device it
wants (Pegg & Cutler, 2021).
References
Pegg, D., & Cutler, S. (2021, July 18). What is Pegasus spyware and how does it hack
phones? Retrieved from The Guardian:
https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-
does-it-hack-phones