We have news about Pegasus, the tool of the Israeli company NSO that publicly and illegally presumes hacker our smartphones illegally, but yes, just to sell our data to the government that pays the most.
According to the Financial Times, NSO Group Technologies says that You can access virtually any cloud data storage service, including Apple. How do you get it? We will explain it below.
How Pegasus works
The first thing you need is to install Pegasus on your device. It is not a global access to the attacked servers, but must be accessed from the device of the target person, which requires having spyware installed. This software is responsible for retrieving credentials from the device and sends them to the hacker server.
Once they have access credentials, hackers take care of clone your device, even its location, and simulating that it is your own smartphone that accesses iCloud, Facebook or any other service. It seems that in this way it manages to prevent it from being detected and requested, for example, the double factor that it asks us when we want to enter iCloud from outside our smartphone.
What can we do to prevent it from infecting us
We do not know the method that Pegasus uses to infect our devices. You may take advantage of a security hole in the operating systems so that through a simple message or email you can access our device, in which case we can do little. But you may use unofficial applications, certificates of doubtful origins… that is why we always insist that you do not install apps that do not come from official stores.
Once we are infected the only solution we have left is restore the device and change our password to iCloud, Facebook and any other service we want to protect. In this way the access code that Pegasus has will no longer be valid, and unless it infects us again, it will not be able to access our services.
What does Apple say about this
Apple's statements regarding this problem are quite concise and really do not confirm or deny anything.
We have the safest platform in the world. There may be tools to execute attacks on a small number of devices, but they are not useful for large-scale attacks against our users.
In the absence of some more extensive statements that confirm if it is true that your devices are sensitive to this attack, and most importantly, waiting for them to find a solution for this type of malware, all we can do is what we used to do we indicate: distrust any application that does not come from the App Store or of any certificate that we are asked to install in our terminal.
Public and unpunished criminals
The most bleeding of all this problem is that a company publicly presumes to install illegally, without the user's authorization, malicious software that collects the access keys to services with the intention of copying personal data and selling them to best bidder. But he "promises" that he only sells it to governments, its impunity is absolute.
How long can users' privacy be so flagrantly violated with the permissiveness of all governments? It is disconcerting that it is the big techs that have to protect the privacy of citizens before government attacks democratic (or not).
The best accessories for your iPhone
Are you looking for a new case for your iPhone? An accessory for the Apple Watch? Maybe a Bluetooth speaker? Do not miss these offers on accessories and get the most out of Apple's mobile: