NSO Pegasus spyware

Zero-click spyware, updated iOS iPhones, evidence of infiltration of Pegasus in messaging, WhatsApp, music, SMS... all of these things and apps that I use on a daily basis. My life would be boring to watch or eavesdrop into, but the idea of being vulnerable is creepy.


Does anyone know how to check iPhones and iPads to see if Pegasus is on board the device, and how to uninstall it?


iPhone 12 Pro, iOS 14

Posted on Jul 31, 2021 6:55 AM

23 replies

Aug 22, 2021 1:28 AM in response to LD150

Yes, I hope it's just my imagination. However, I've been working for too long in the IT business to know that what's technically possible will be done. And I also know that, if you pay people enough money, they'll do whatever you ask them to do. Pegasus is mainly a surveillance tool and surveillance is supposed to run in the background without the victim knowing about it. From this perspective, you're right, it's quite unlikely they do something that raises your attention. However, Pegasus can also be used as a powerful backdoor and allow them any action they choose to do. So, suppose you made a comment that doesn't suit an authoritarian government's official line, they may choose to silence you. So far, they have to send agents. Now, they can use Pegasus and send you child porn pictures, which they even delete once they have been reported. In this case, Apple would act as an accomplice, suspend your account and inform the Police. This means that US (or later another) police would do the "dirty job" for that government.


For me it's very crucial that Apple get the Pegasus security hole fixed 100% before they activate the CSAM scanner. Otherwise, Pandora's box would be open to its maximum extent.

Aug 5, 2021 6:19 AM in response to marylynn209

Note that Pegasus only gets installed if you click on the malicious link in a text or email. If you practice good security standards and don’t click on embedded message links from suspicious messages (from a mailing list you did not subscribe to, or from someone you don’t know, or from a company you’ve never heard of, or apparently from a company you know but where the actual message header is strange, or offering some too good to be true free thing, etc, etc).


There was also a WhatsApp exploit that allowed it to be installed when you checked missed calls, but that exploit is supposedly now patched.


But the bottom line is that in order for Pegasus to even get on your own device, you have to actively do something like follow a malicious message URL.


And it’s old now, and well researched. Everybody - Apple, Google, Microsoft, WhatsApp, etc - have all patched their software to defeat installation of Pegasus.

Aug 5, 2021 6:34 AM in response to Michael Black

Michael Black wrote:

Note that Pegasus only gets installed if you click on the malicious link in a text or email.


Unfortunately, this is a false statement. Pegasus has used no-click exploits. This is mentioned in the linked article: "Perhaps most alarming, Pegasus can be delivered to phones using a no-click or zero-click exploit that doesn’t require the recipient to click on anything to be infected."

Aug 21, 2021 10:18 PM in response to MrHoffman

The real threat is not only the very powerful Pegasus malware itself that installs without any user interaction and very limited means of traceability. The real threat is a combination of Pegasus with the upcoming CSAM scanner. While it goes without saying that people actively downloading this kind of picture should be prosecuted, it would also be possible that the attackers could send a large number of pictures of this kind to the victim's device via Pegasus and send them to iCloud. As we know meanwhile, Pegasus works with administrative rights and has higher privileges than the user himself / herself. CSAM would then detect them, an Apple employee would double check and confirm and close the victim's account and report them to the Police. This way, Pegasus and CSAM combined would be the perfect tool for destroying someone's reputation and life for no reason, just within a couple of minutes.

Sep 14, 2021 8:01 AM in response to LD150

Tnx for the CitizenLab info post, LD150.


Am I right to interpret their "are affected" notice of:

". . . All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, . . . "


. . . to mean that my un-updatable devices (MBpro-OSX10.11.6, iPh6-IOS12.5.4) are & will be, in fact, vulnerable to Pegasus? No retro security updates? Apple just abandons the legacy machines after a couple years, right? They're deemed useless. My only securable device is iPadmini 5thG?


tnx

