The Pegasus spy tool of the Israeli company NSO Group, which went viral in the middle of this year when it was discovered that it was monitoring activists, journalists and politicians from different parts of the world, continues to give people something to talk about. Now, Google has analyzed the techniques that this company uses to infect mobiles without being detected.
Google’s Project Zero researchers, experts in cybersecurity, have analyzed the vulnerability of iOS that NSO Group took advantage of to put Pegasus in thousands of mobiles without their owners noticing. The Washington Post published that at least 50,000 people had been spied on by this technique of the Israeli company.
The Project Zero report is key to understanding the importance of cyber espionage today. Pegasus was capable of infecting a mobile without being detected and without requiring interaction with the owner.
Through NSO Group’s spy technology , Project Zero claims it can rival techniques that “were previously thought to be accessible only to a handful of nations .” As detailed by computer security experts, this method ” is a weapon against which there is no defense .”
Before phishing became more popular among the population, in 2016, the NSO Group needed just one SMS to send malicious links. Through them, users downloaded spy software to their devices that monitored every movement or conversation.
However, many people have learned over time not to download files or click on suspicious links. For this reason, the Israeli company has had to improve its technique to infect mobile phones without the need for the owner to take any action.
By simply sending a malicious PDF disguised as a GIF to Apple’s iMassage application , the NSO attack dubbed ‘ForcedEntry’ was downloaded to thousands of devices. The vulnerability consisted of a compression tool used to process text in images that Apple’s current software had inherited from the 1990s.
This failure in Apple’s operating system seems to have been resolved in September of this year with its version in iOS 14.8. Therefore, potential Pegasus victims who have updated their iPhones will be protected against further attacks of this type.
Although that risk no longer exists, Apple has sued the NSO Group to prevent it from ” harming its users again .” While the Israeli company defends that its products are only used to curb terrorism and organized crime , the lawsuit is forcing it to seek new buyers for its software to pay off debts.