Date: 2021-12-19



The now-patched Pegasus iPhone hack is one of the most advanced attacks seen in recent years. Researchers at Google's Project Zero describe it as "one of the most technically sophisticated exploits we've ever seen." They reached that conclusion after investigating the iMessage security exploit, which has repeatedly been a hot topic. They say NSO Group's infamous tool is, in terms of sophistication, on par with what you would expect from a nation-state spy tool. NSO customers, including totalitarian regimes, used Pegasus to spy on unsuspecting iPhone users without their knowledge. The zero-day attack installed malicious code on the iPhone via iMessage without the user interacting with the message. It was very scary.

The Pegasus iPhone hack has already had a dramatic impact on the company. Following the disclosure of Pegasus, the US government put the Israeli security software developer on its ban list. In addition, Apple sued the company after patching the security exploit. Apple has also begun notifying iPhone users who may have been targeted by Pegasus in the past.

The list of Pegasus victims usually includes dissidents, journalists, or politicians rather than regular end users. Apple has already issued a patch to neutralize the security vulnerability that allowed Pegasus to hack the iPhone quietly. However, Google's Project Zero security researchers obtained a sample of Pegasus to determine how the advanced spy tool works on the iPhone.

NSO Group’s horribly sophisticated iMessage attacks

Researchers at Google's Project Zero have published the first part of their Pegasus analysis. They also shared with Wired a brief description of how Pegasus hacked the iPhone without the target knowing.

“I’ve never seen a real exploit build equivalent functionality from such a limited starting point. It’s impossible to interact with the attacker’s server, and JavaScript and similar scripting engines load it. Not done,” Project Zero’s Ian Beer and Samuel Gross told Wired.

“Many people in the security community consider this type of exploit (single-shot remote code execution) to be a resolved issue. They think the mitigations offered by mobile devices are too heavy. We don’t think we can build a reliable single-shot exploit. This shows not only that it is possible, but also that it is definitely used in the wild for people.”

How Pegasus hacked the iPhone

ForcedEntry is the name of the iOS exploit that made it possible for Pegasus to hack iPhones. NSO's hackers figured out how to sneak in a PDF file disguised as a GIF by exploiting the way iMessage handles the playback of GIF files. Next, they used a vulnerability in a compression tool that processes text in images from physical scanners. This tool, dating back to the 1990s, is still used on modern computers such as the iPhone.
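The first step described above works because the file's name says one thing and its bytes say another. The following added example (not code from Project Zero, Apple, or NSO) shows a defensive check that compares an attachment's extension with the format its header bytes imply; the function names, verdict strings, and sample byte strings are constructed for illustration.

```python
from pathlib import PurePath

# Well-known header signatures for the formats this sketch understands.
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}
EXT_TO_TYPE = {".gif": "gif", ".png": "png", ".jpg": "jpeg",
               ".jpeg": "jpeg", ".pdf": "pdf"}
# Lenient PDF readers accept "%PDF-" anywhere in the first 1024 bytes,
# so a PDF does not have to start at offset 0.
PDF_HEADER_WINDOW = 1024


def sniff_types(data: bytes) -> set:
    """Return every format whose header is present in the data."""
    found = {kind for kind, magics in SIGNATURES.items()
             if data.startswith(magics)}
    if b"%PDF-" in data[:PDF_HEADER_WINDOW]:
        found.add("pdf")
    return found


def check_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment as ok, mismatch, polyglot, or unknown."""
    declared = EXT_TO_TYPE.get(PurePath(filename).suffix.lower())
    found = sniff_types(data)
    if declared is None or not found:
        return "unknown"
    if found == {declared}:
        return "ok"
    if declared in found:
        return "polyglot"  # declared header plus a second format's header
    return "mismatch"      # extension and content disagree


# Constructed sample inputs (not real captures).
REAL_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
PDF_BYTES = b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\n"
PADDED_PDF = b"\x00" * 16 + PDF_BYTES
GIF_PDF_POLYGLOT = b"GIF89a" + b"\x00" * 10 + PDF_BYTES

if __name__ == "__main__":
    for name, blob in [("cat.gif", REAL_GIF), ("cat.gif", PDF_BYTES),
                       ("cat.gif", PADDED_PDF), ("cat.gif", GIF_PDF_POLYGLOT),
                       ("report.pdf", PDF_BYTES)]:
        print(f"{name:12} -> {check_attachment(name, blob)}")
```

A parser should be selected from the sniffed content, and anything other than `ok` should be rejected or routed to a sandboxed decoder rather than handed to whichever library the extension suggests.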

As if that were not enough, ForcedEntry built a kind of virtual computer that runs “in the strange backwaters of iMessage,” according to Wired. This is because the malware needs to talk to the command-and-control center, which sends the instructions. This behavior made the attack even more difficult to detect.

Again, Pegasus didn’t require any input from the user. The attacker only needed a phone number or Apple ID to send the payload over iMessage. No message is displayed on the screen. As soon as the invisible message arrives on the iPhone, the iPhone is successfully hacked. From then on, the target does not know that someone has broken into their iPhone.

“It’s pretty incredible and at the same time pretty scary,” said a researcher at Project Zero about ForcedEntry.

iPhone users running the latest iOS version are protected against Pegasus. This does not mean that similar security companies have stopped devising spy tools for the iPhone, but that ForcedEntry attacks will no longer work on devices running the latest software.

Pegasus targets have also begun receiving notifications from Apple regarding the hacking. If you were wondering whether someone spied on you with Pegasus, you would know by now.

