Pegasus (spyware): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m paragraph breaks
Omar Abdulaziz lawsuit, link to Post article
Line 1: Line 1:
'''Pegasus''' is a [[spyware]] that can be installed on devices running certain versions of [[iOS]], [[Apple Inc.|Apple]]'s mobile operating system, developed by the cyberarms firm, [[NSO Group]].
'''Pegasus''' is a [[spyware]] that can be installed on devices running certain versions of [[iOS]], [[Apple Inc.|Apple]]'s mobile operating system, developed by the [[Israel|Israeli]] cyberarms firm, [[NSO Group]].


Discovered in August 2016 after a failed attempt at installing it on an [[iPhone]] belonging to a human rights activist, an investigation revealed details about the spyware, its abilities, and the [[Vulnerability (computing)|security vulnerabilities]] it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, and gathering information from apps.
Discovered in August 2016 after a failed attempt at installing it on an [[iPhone]] belonging to a human rights activist, an investigation revealed details about the spyware, its abilities, and the [[Vulnerability (computing)|security vulnerabilities]] it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, and gathering information from apps.
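Review bot: The lead sentence this change edits still has a misplaced modifier. "developed by the [[Israel|Israeli]] cyberarms firm, [[NSO Group]]" directly follows "[[iOS]], [[Apple Inc.|Apple]]'s mobile operating system", so it reads as if NSO Group developed iOS. Since the sentence is being touched anyway, restructure it so the developer attaches to Pegasus, for example "'''Pegasus''' is [[spyware]] developed by the [[Israel|Israeli]] cyberarms firm [[NSO Group]] that can be installed on devices running certain versions of [[iOS]]". The added nationality carries no citation in the lead, which is fine only because the body's "private Israeli spyware company" statement is sourced.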
Line 14: Line 14:
The vulnerabilities were found ten days before the iOS 9.3.5 update was released. [[United Arab Emirates|Arab]] human rights defender Ahmed Mansoor received a text message promising "secrets" about torture happening in prisons in the United Arab Emirates", along with a link. Mansoor sent the link to [[Citizen Lab]]. An investigation ensued with collaboration from Lookout security company that revealed that if Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted the spyware into it.<ref>{{cite web |first=Dave |last=Lee |title=Who are the hackers who cracked the iPhone? |url=https://www.bbc.com/news/technology-37192670 |publisher=''[[BBC News]]'' |date=August 26, 2016 |accessdate=December 21, 2016}}</ref> Citizen Lab linked the attack to a private Israeli spyware company known as [[NSO Group]], that sells Pegasus to governments for "lawful interception", but suspicions exist that it is applied for other purposes.<ref>Ahmed, Azam, and Perlroth, Nicole, ''[https://www.nytimes.com/2017/06/19/world/americas/mexico-spyware-anticrime.html Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families]'', [[The New York Times]], June 19, 2017</ref> NSO Group is owned by an American private equity firm, [[Francisco Partners]].<ref>{{cite web |first1=Bill |last1=Marczak |first2=John |last2=Scott-Railton |title=The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender |url=https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ |publisher=[[Citizen Lab]] |date=August 24, 2016 |accessdate=December 21, 2016}}</ref>
The vulnerabilities were found ten days before the iOS 9.3.5 update was released. [[United Arab Emirates|Arab]] human rights defender Ahmed Mansoor received a text message promising "secrets" about torture happening in prisons in the United Arab Emirates", along with a link. Mansoor sent the link to [[Citizen Lab]]. An investigation ensued with collaboration from Lookout security company that revealed that if Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted the spyware into it.<ref>{{cite web |first=Dave |last=Lee |title=Who are the hackers who cracked the iPhone? |url=https://www.bbc.com/news/technology-37192670 |publisher=''[[BBC News]]'' |date=August 26, 2016 |accessdate=December 21, 2016}}</ref> Citizen Lab linked the attack to a private Israeli spyware company known as [[NSO Group]], that sells Pegasus to governments for "lawful interception", but suspicions exist that it is applied for other purposes.<ref>Ahmed, Azam, and Perlroth, Nicole, ''[https://www.nytimes.com/2017/06/19/world/americas/mexico-spyware-anticrime.html Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families]'', [[The New York Times]], June 19, 2017</ref> NSO Group is owned by an American private equity firm, [[Francisco Partners]].<ref>{{cite web |first1=Bill |last1=Marczak |first2=John |last2=Scott-Railton |title=The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender |url=https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ |publisher=[[Citizen Lab]] |date=August 24, 2016 |accessdate=December 21, 2016}}</ref>


Regarding how widespread the issue was, Lookout explained in a blog post: "We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code" and pointed out that the code shows signs of a "kernel mapping table that has values all the way back to [[iOS 7]]".<ref name="Lookout blog post">{{cite web |title=Sophisticated, persistent mobile attack against high-value targets on iOS |url=https://blog.lookout.com/blog/2016/08/25/trident-pegasus/ |publisher=Lookout |date=August 25, 2016 |accessdate=December 21, 2016}}</ref> [[The New York Times]] and [[The Times of Israel]] have both reported that it appears the [[United Arab Emirates]] was using this spyware as early as 2013.<ref name="20180831NYT">{{cite news |last1=Kirkpatrick |first1=David |last2=Ahmed |first2=Azam |title=Hacking a Prince, an Emir and a Journalist to Impress a Client |url=https://www.nytimes.com/2018/08/31/world/middleeast/hacking-united-arab-emirates-nso-group.html |accessdate=31 August 2018 |work=[[The New York Times]] |date=31 August 2018}}</ref><ref name="20160902NYT">{{cite news |last1=Perlroth |first1=Nicole |title=How Spy Tech Firms Let Governments See Everything on a Smartphone |url=https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html |accessdate=31 August 2018 |work=[[The New York Times]] |date=2 September 2016}}</ref><ref name="20180831TOI">{{cite news |title=Lawsuits claim Israeli spyware firm helped UAE regime hack opponents’ phones |url=https://www.timesofisrael.com/lawsuits-claim-israeli-spyware-firm-helped-uae-hack-opponents-phones/ |accessdate=31 August 2018 |work=[[The Times of Israel]] |date=31 August 2018}}</ref> A pair of lawsuits claim that NSO Group helped clients operate the software and therefore participated in numerous violations of human rights initiated by its clients.<ref name="20180831TOI" />
Regarding how widespread the issue was, Lookout explained in a blog post: "We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code" and pointed out that the code shows signs of a "kernel mapping table that has values all the way back to [[iOS 7]]".<ref name="Lookout blog post">{{cite web |title=Sophisticated, persistent mobile attack against high-value targets on iOS |url=https://blog.lookout.com/blog/2016/08/25/trident-pegasus/ |publisher=Lookout |date=August 25, 2016 |accessdate=December 21, 2016}}</ref> [[The New York Times]] and [[The Times of Israel]] have both reported that it appears the [[United Arab Emirates]] was using this spyware as early as 2013.<ref name="20180831NYT">{{cite news |last1=Kirkpatrick |first1=David |last2=Ahmed |first2=Azam |title=Hacking a Prince, an Emir and a Journalist to Impress a Client |url=https://www.nytimes.com/2018/08/31/world/middleeast/hacking-united-arab-emirates-nso-group.html |accessdate=31 August 2018 |work=[[The New York Times]] |date=31 August 2018}}</ref><ref name="20160902NYT">{{cite news |last1=Perlroth |first1=Nicole |title=How Spy Tech Firms Let Governments See Everything on a Smartphone |url=https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html |accessdate=31 August 2018 |work=[[The New York Times]] |date=2 September 2016}}</ref><ref name="20180831TOI">{{cite news |title=Lawsuits claim Israeli spyware firm helped UAE regime hack opponents’ phones |url=https://www.timesofisrael.com/lawsuits-claim-israeli-spyware-firm-helped-uae-hack-opponents-phones/ |accessdate=31 August 2018 |work=[[The Times of Israel]] |date=31 August 2018}}</ref>

Several outstanding lawsuits claim that NSO Group helped clients operate the software and therefore participated in numerous violations of human rights initiated by its clients.<ref name="20180831TOI" /> Two months after the murder and dismemberment of [[Washington Post]] journalist [[Jamal Khashoggi]], a Saudi human rights activist, in the Saudi Arabian Consulate in [[Istanbul, Turkey]], Saudi dissident [[Omar Abdulaziz]], a [[Canada|Canadian]] resident, filed suit in Israel against NSO Group, accusing the firm of providing the Saudi government with the surveillance software to spy on him and his friends, including Khashoggi.<ref name=Boot5Dec>{{cite news|work=The Washington Post|date=5 December 2018|accessdate=19 April 2019|first=Max|last=Boot|title=An Israeli tech firm is selling spy software to dictators, betraying the country’s ideals
|url=https://www.washingtonpost.com/opinions/2018/12/05/israel-is-selling-spy-software-dictators-betraying-its-own-ideals/ }}</ref> According to the ''Washington Post'' and many other prominent media sources, Pegasus enables not merely the keystroke monitoring of all communications from a phone (texts, emails, web searches) but phone calls and location tracking, while also permitting NSO Group to hijack both the mobile phone’s microphone and camera, making it into a constant surveillance device.<ref name=Boot5Dec/>



== Vulnerabilities ==
== Vulnerabilities ==
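Review bot: In the added paragraph, "According to the ''Washington Post'' and many other prominent media sources" is backed by a single ref, Boot5Dec, whose URL path is /opinions/, so the capability claims and the statement that Pegasus permits "NSO Group to hijack" the microphone and camera rest on one opinion column. Attribute them in-text to Max Boot or cite news reporting, and drop "many other prominent media sources" unless those sources are added. The rewording from "A pair of lawsuits" to "Several outstanding lawsuits" keeps the same 20180831TOI ref, so either keep the original count or add a source that supports the new wording. Smaller points: the cite template has a stray line break before |url=, and the first mention is linked as [[Washington Post]] without italics while the second is italic and unlinked, so make the two consistent.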

Revision as of 19:13, 19 April 2019

Pegasus is spyware developed by the Israeli cyberarms firm NSO Group that can be installed on devices running certain versions of iOS, Apple's mobile operating system.

Pegasus was discovered in August 2016 after a failed attempt at installing it on an iPhone belonging to a human rights activist; the investigation that followed revealed details about the spyware, its abilities, and the security vulnerabilities it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, and gathering information from apps.

Apple released version 9.3.5 of its iOS software to fix the vulnerabilities. News of the spyware garnered significant media attention. It was called the "most sophisticated" smartphone attack ever, and it was the first time in iPhone history that a remote jailbreak exploit had been detected. The company that created the spyware, NSO Group, stated that they provide "authorized governments with technology that helps them combat terror and crime".

Details of spyware

Pegasus is the name of a spyware that can be installed on devices running certain versions of iOS, Apple's mobile operating system. Upon clicking on a malicious link, Pegasus secretly enables a jailbreak on the device and can read text messages, track calls, collect passwords, trace the phone location,[1] as well as gather information from apps including (but not limited to) iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype.[2]

Patch

Apple released iOS version 9.3.5 for its line of iPhone smartphone products in August 2016. The update fixed the three critical security vulnerabilities that Pegasus exploited.[3]

Discovery of spyware

The vulnerabilities were found ten days before the iOS 9.3.5 update was released. Arab human rights defender Ahmed Mansoor received a text message promising "secrets" about torture happening in prisons in the United Arab Emirates, along with a link. Mansoor sent the link to Citizen Lab. An investigation in collaboration with the security company Lookout ensued and revealed that if Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted the spyware into it.[4] Citizen Lab linked the attack to a private Israeli spyware company known as NSO Group, which sells Pegasus to governments for "lawful interception", but suspicions exist that it is applied for other purposes.[5] NSO Group is owned by an American private equity firm, Francisco Partners.[6]

Regarding how widespread the issue was, Lookout explained in a blog post: "We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code" and pointed out that the code shows signs of a "kernel mapping table that has values all the way back to iOS 7".[7] The New York Times and The Times of Israel have both reported that it appears the United Arab Emirates was using this spyware as early as 2013.[8][9][10]

Several outstanding lawsuits claim that NSO Group helped clients operate the software and therefore participated in numerous violations of human rights initiated by its clients.[10] Two months after the murder and dismemberment of Washington Post journalist Jamal Khashoggi, a Saudi human rights activist, in the Saudi Arabian Consulate in Istanbul, Turkey, Saudi dissident Omar Abdulaziz, a Canadian resident, filed suit in Israel against NSO Group, accusing the firm of providing the Saudi government with the surveillance software to spy on him and his friends, including Khashoggi.[11] According to the Washington Post and many other prominent media sources, Pegasus enables not merely keystroke monitoring of all communications from a phone (texts, emails, web searches) but also phone call and location tracking, and permits NSO Group to hijack both the mobile phone’s microphone and camera, making it into a constant surveillance device.[11]


Vulnerabilities

Lookout provided details of the three vulnerabilities:[7]

  • CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
  • CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to secretly jailbreak the device and install surveillance software.
  • CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.

Reactions

News

News of the spyware received significant media attention,[1][12][13][14][15] particularly for being called the "most sophisticated" smartphone attack ever,[16][17] and for being the first time in iPhone history that a remote jailbreak exploit had been detected.[18]

NSO Group comment

Dan Tynan of The Guardian wrote an article that featured comments from NSO Group, where they stated that they provide "authorized governments with technology that helps them combat terror and crime", although the Group told him that they had no knowledge of any incidents.[19]

Bug-bounty program skepticism

In the aftermath of the news, critics asserted that Apple's bug-bounty program, which rewards people for finding flaws in its software, might not have offered sufficient rewards to prevent exploits being sold on the black market rather than being reported back to Apple. Russell Brandom of The Verge commented that the program maxes out at payments of $200,000, "just a fraction of the millions that are regularly spent for iOS exploits on the black market". He went on to ask why Apple doesn't "spend its way out of security vulnerabilities?", but also wrote that "as soon as [the Pegasus] vulnerabilities were reported, Apple patched them—but there are plenty of other bugs left. While spyware companies see an exploit purchase as a one-time payout for years of access, Apple’s bounty has to be paid out every time a new vulnerability pops up." Brandom also wrote: "The same researchers participating in Apple’s bug bounty could make more money selling the same finds to an exploit broker." He concluded the article by writing: "It’s hard to say how much damage might have been caused if Mansoor had clicked on the spyware link... The hope is that, when the next researcher finds the next bug, that thought matters more than the money."[20]

References

  1. Perlroth, Nicole (August 25, 2016). "iPhone Users Urged to Update Software After Security Flaws Are Found". The New York Times. Retrieved December 21, 2016.
  2. Fox-Brewster, Thomas (August 25, 2016). "Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text". Forbes. Retrieved December 21, 2016.
  3. Clover, Juli (August 25, 2016). "Apple Releases iOS 9.3.5 With Fix for Three Critical Vulnerabilities Exploited by Hacking Group". MacRumors. Retrieved December 21, 2016.
  4. Lee, Dave (August 26, 2016). "Who are the hackers who cracked the iPhone?". BBC News. Retrieved December 21, 2016.
  5. Ahmed, Azam; Perlroth, Nicole (June 19, 2017). "Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families". The New York Times.
  6. Marczak, Bill; Scott-Railton, John (August 24, 2016). "The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender". Citizen Lab. Retrieved December 21, 2016.
  7. "Sophisticated, persistent mobile attack against high-value targets on iOS". Lookout. August 25, 2016. Retrieved December 21, 2016.
  8. Kirkpatrick, David; Ahmed, Azam (31 August 2018). "Hacking a Prince, an Emir and a Journalist to Impress a Client". The New York Times. Retrieved 31 August 2018.
  9. Perlroth, Nicole (2 September 2016). "How Spy Tech Firms Let Governments See Everything on a Smartphone". The New York Times. Retrieved 31 August 2018.
  10. "Lawsuits claim Israeli spyware firm helped UAE regime hack opponents' phones". The Times of Israel. 31 August 2018. Retrieved 31 August 2018.
  11. Boot, Max (5 December 2018). "An Israeli tech firm is selling spy software to dictators, betraying the country's ideals". The Washington Post. Retrieved 19 April 2019.
  12. Szoldra, Paul (August 26, 2016). "Inside 'Pegasus,' the impossible-to-detect software that hacks your iPhone". Business Insider. Axel Springer SE. Retrieved December 21, 2016.
  13. Roettgers, Janko (August 26, 2016). "This App Can Tell if an iPhone Was Hacked With Latest Pegasus Spy Malware". Variety. Penske Media Corporation. Retrieved December 21, 2016.
  14. Newman, Lily Hay (August 25, 2016). "A Hacking Group Is Selling iPhone Spyware to Governments". Wired. Condé Nast. Retrieved December 21, 2016.
  15. Swartz, Jon; Weise, Elizabeth (August 26, 2016). "Apple issues security update to prevent iPhone spyware". USA Today. Gannett Company. Retrieved December 21, 2016.
  16. Tamblyn, Thomas (August 26, 2016). "What Is The "Pegasus" iPhone Spyware And Why Was It So Dangerous?". The Huffington Post. AOL. Retrieved December 21, 2016.
  17. Khan, Sami (August 27, 2016). "Meet Pegasus, the most-sophisticated spyware that hacks iPhones: How serious was it?". International Business Times. IBT Media. Retrieved December 21, 2016.
  18. Brandom, Russell (August 25, 2016). "A serious attack on the iPhone was just seen in use for the first time". The Verge. Vox Media. Retrieved December 21, 2016.
  19. Tynan, Dan (August 25, 2016). "Apple issues global iOS update after attempt to use spyware on activist's iPhone". The Guardian. Retrieved December 21, 2016.
  20. Brandom, Russell (August 26, 2016). "Why can't Apple spend its way out of security vulnerabilities?". The Verge. Vox Media. Retrieved December 21, 2016.