According to an investigation performed on the massive data leak of 50,000 phone numbers of potential surveillance targets that included activists, journalists and heads of states globally.
The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril.Agnès Callamard, Secretary General of Amnesty International
The Israeli cyber giant NSO made portable Base Transceiver Stations(BTS) which was featured among numerous media reports. The BTS impersonates a cellular tower forcing the cellular devices in a specific radius to connect to it hence enabling an attacker to take an advantage from the intercepted traffic. The addon capability of ‘network injection’ or ‘zero-click’ attack gave them an edge in the spyware market, which when exploited practically requires no user interactions hence the users staying uninformed of the compromise.
How is Pegasus different from other spywares
Pagasus, marketed by NSO Groups as world’s leading cyber intelligence solutions that enables better law enforcement and enables intelligence agencies to remotely extract data from any mobile device which is said to be developed by Isreali intelligence agencies
Until 2018, NSO Group clients have relied on text messages and Whatsapp messages to target individuals tricking them into click on malicious links eventually leading to the device being compromised. NSO Group has described this as ‘Enhanced Social Engineering Message (ESEM)’. Whenever a malicious message which is termed as ESEM is clicked by the target, it makes a request to a server which detects mobile phone’s operating system hence then transferring and executing the payload accordingly.
In 2019 report, the use of ‘network injections’ was mentioned which according to them requires ‘zero click’ interaction. The spyware now gets installed on the target’s mobile device without the need of user interacting. Their brochure explicitly considers this as NSO’s uniqueness that makes them stand out in the spyware market.
Kinds of devices that are vulnerable
Practically, all of the devices are vulnerable. iPhones have been widely targeted making use of the iOS default iMessage app and APNs protocol(Push Notifications Service) that could transmit itself the push notifications via Apple’s servers.
Moreover in October 2019, Whatsapp has blamed NSO Group for exploiting a vulnerability in their messaging app which faked a video call to a user, but it wasn’t a normal call. As soon as the phone rang, the spyware transmitted itself to the user’s device hence achieving their goal of ‘zero click’ or no user interaction for it to be installed.
Ways for prevention, if there’s any?
In some cases the network injection attack my fail if the device is not supported by the NSO system. Moreover as per Pegasus brochure, there is one way to dodge such attacks: changing the default web browser of a device. Browsers other than the default browsers of the device are not supported by the NSO system along with Chrome for android devices.
In such cases where network injection fails, the spyware relies on its primary strategy: tricking users with their malicious links packages as ESEM. Lastly, this spyware can be infected into devices within five minutes only if they have physical access to it.
Pakistan on the target list?
According to the government’s official statements, there might be a possibility that PM Imran Khan’s one of the phones might have been under attack for surveillance by the Pegasus spyware as it appeared in the data leak of phone numbers of the potential targets.
It is hard to say that Pakistan is yet ready to face such modern cyberwarfare and state-sponsored attacks, which reiterates the importance of a separate National CERT in Pakistan which monitors such incoming threats and risks.
It indeed is a reminder that the warfare strategies have been digitalised as well and the government cannot deny to the growing need of gathering young talented individuals that could potentially be used to be on the defending lines for Pakistan, digitally in the cyber space.
For now, it’s recommended for all of the users to keep an eye on the updates they get for their mobile devices that includes security patches and moreover hope that such zero-day attacks become rarer.
Have anything to say? Share it in comments.