NSO Pegasus spyware

Zero-click spyware, updated iOS iPhones, evidence of infiltration of Pegasus in messaging, WhatsApp, music, SMS.. all of these things and apps that I use on a daily basis. My life would be boring to watch or eavesdrop into, but the idea of being vulnerable is creepy.

Does anyone know how to check iPhones and iPads to see if Pegasus is on board the device, and how to uninstall it?


iPhone 12 Pro, iOS 14

Posted on Jul 31, 2021 6:55 AM

Question marked as Top-ranking reply

Posted on Aug 5, 2021 6:34 AM

Michael Black wrote:

Note that Pegasus only gets installed if you click on the malicious link in a text or email.


Unfortunately, this is a false statement. Pegasus has used no-click exploits. This is mentioned in the linked article: "Perhaps most alarming, Pegasus can be delivered to phones using a no-click or zero-click exploit that doesn’t require the recipient to click on anything to be infected."

23 replies

Aug 3, 2021 5:29 AM in response to marylynn209

Nobody here would know.

Furthermore...

"Apple doesn't disclose, discuss or confirm security issues until an investigation has taken place and patches or releases are available. Recent releases are listed on the Apple security updates page."

Unless you are an investigative journalist working against your government or a political activist in a dictatorial government it is very unlikely you would be a target for this multi-million dollar tool.

If you are worried, do a restore to factory, preferably using DFU, and do not restore any backup.

Bit of a sledgehammer to crack an unlikely nut in my view.


Aug 5, 2021 6:19 AM in response to marylynn209

Note that Pegasus only gets installed if you click on the malicious link in a text or email. If you practice good security standards and don’t click on embedded message links from suspicious messages (from a mailing list you did not subscribe to, or from someone you don’t know, or from a company you’ve never heard of, or apparently from a company you know but where the actual message header is strange, or offering some too good to be true free thing, etc, etc).


There was also a WhatsApp exploit that allowed it to be installed when you checked missed calls, but that exploit is supposedly now patched.


But the bottom line is that in order for Pegasus to even get on your own device, you have to actively do something like follow a malicious message URL.


And it’s old now, and well researched. Everybody - Apple, Google, Microsoft, WhatsApp, etc - have all patched their software to defeat installation of Pegasus.

Aug 21, 2021 10:18 PM in response to MrHoffman

The real threat is not only the very powerful Pegasus malware itself that installs without any user interaction and very limited means of traceability. The real threat is a combination of Pegasus with the upcoming CSAM scanner. While it goes without saying that people actively downloading this kind of pictures should be prosecuted, it would also be possible that the attackers could send a large number of this kind of pictures to the victim's device via Pegasus and send them to iCloud. As we know meanwhile, Pegasus works with administrative rights and has higher privileges than the user himself / herself. CSAM would then detect them, an Apple employee would double check and confirm and close the victim's account and report them to the Police. This way, Pegasus and CSAM combined would be the perfect tool for destroying someone's reputation and life for no reason, just within a couple of minutes.

Aug 22, 2021 1:28 AM in response to LD150

Yes, I hope it's just my imagination. However, I've been working for too long in the IT business to know that what's technically possible, will be done. And I also know that, if you pay people enough money, they'll do whatever you ask them to do. Pegasus is mainly a surveillance tool and surveillance is supposed to run in the background without the victim knowing about it. From this perspective, you're right, it's quite unlikely they do something that raises your attention. However, Pegasus can also be used as a powerful backdoor and allow them any action they choose to do. So, suppose you made a comment that doesn't suit an authoritarian government's official line, they may choose to silence you. So far, they have to send agents. Now, they can use Pegasus and send you child porn pictures, which they even delete once they have been reported. In this case, Apple would act as an accomplice, suspend your account and inform the Police. This means that US (or later another) police would do the "dirty job" for that government.

For me it's very crucial that Apple get the Pegasus security hole fixed 100% before they activate the CSAM scanner. Otherwise, Pandora's box would be open to its maximum extent.

Aug 21, 2021 4:42 PM in response to marylynn209

There are tools that claim to check for it - e.g. https://imazing.com/blog/detecting-pegasus-spyware-with-imazing


iMazing is a respectable tool for managing data on an iPhone. And the Pegasus check can be done with the free trial download.


I don’t use iMazing and never have, but I know other forum members use it for data management purposes and speak well of it.


Amnesty International also has a tool available in GitHub - https://9to5mac.com/2021/07/20/check-your-iphone-for-pegasus/. Again, I’ve never used it, but there have been several write-ups about it in various tech news sites.

Aug 29, 2021 8:48 AM in response to LD150

LD150 wrote:

Maybe I missed it but I didn't see any mention of ability of Pegasus to deliver a large payload of images to the device. It buffers tiny amounts of harvested data from the device and transmits it back to the Pegasus operator.


I’d be surprised if NSO couldn’t provide full and unassisted no-interaction remote backup support.

Sep 14, 2021 8:01 AM in response to LD150

Tnx for the CitizenLab info post, LD150.


Am I right to interpret their "are affected" notice of:

". . . All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, . . . "

. . . to mean that my un-updatable devices (MBpro-OSX10.11.6, iPh6-IOS12.5.4) are & will be, in fact, vulnerable to Pegasus? No retro security updates? Apple just abandons the legacy machines after a couple years, right? They're deemed useless. My only securable device is iPadmini 5thG?


tnx


Sep 14, 2021 8:27 AM in response to DeChardin

Quite the opposite. iOS 12 and older did not have the hole used by Pegasus, so no patch needed.

If the hole was accidentally introduced in iOS 13 then older versions naturally don't have it.

MacOS has a similar breakdown that I need to check - official release notes seem to be behind the white hat hackers' publications last time I looked but that was midnight in Cupertino.

If there is a hole then it is patched by the current batch of updates.

It would help if people who find vulnerabilities reported them to the software developers in return for legitimate reward, rather than make millions out of it through despotic governments.

