Pegasus returns, now with new capabilities. At least, that is what follows from the documents and information collected by the Financial Times. According to them, the new version of Pegasus can access the personal cloud accounts of users whose devices have previously been infected with the spyware. Among these cloud services are those of Apple, Google, Facebook, Amazon and Microsoft. It is a controversial service, offered only to "responsible" governments, but one that in the past has ended up in the hands of authoritarian states.
How the new version of the Pegasus spyware works
Pegasus is a service marketed by the Israeli company NSO Group Technologies. It is designed so that security and intelligence forces can access the data contained in the devices of at least the five major technology companies. The procedure is as follows, according to the documentation obtained by the Financial Times:
- The spyware is installed on a device belonging to the target.
- Pegasus clones the device's access credentials to the cloud and transfers them to a server.
- The server downloads all data stored in the cloud, which may include years of information.
- Surveillance operators receive all this information.
It is important to note that Pegasus works only when a device has been infected with its spyware, so it is not a system that allows mass, indiscriminate access to devices. One of the subject's devices has to be infected, probably through a link carrying the attack, sent in a message or email. This type of attack makes two-factor authentication useless, according to the same documentation.
Because of the way it attacks, this type of spyware can only be used against individuals, not en masse
The way it gains access to the information makes Pegasus independent of the device. Once access to the user's cloud is secured, it can obtain data and information from any of the devices that synchronize with it: smartphones, tablets and computers. Among them, Apple's. The company provided the following statement to the FT:
Apple said its operating system is "the safest computing platform in the world. Although there may be very expensive tools to execute specific attacks on a small number of devices, we do not believe this is useful for large-scale attacks against consumers". The company adds that it updates its operating system and security settings regularly.
How to get rid of Pegasus
Those with a good memory will recognise Pegasus as the NSO Group software that three years ago was used to access the device of a human rights activist in the United Arab Emirates. It was a different attack, in which the activist's iPhone was infected. At the time, Apple released iOS 9.3.5 to close the security flaw that allowed that exploit.
And a few months ago, it was discovered that a flaw in WhatsApp allowed hackers to install spyware on iPhone and Android devices. On that occasion, too, the attack was directed at a single person and could not be applied en masse. WhatsApp has corrected that flaw and it can no longer be exploited.
For this new attack there doesn't seem to be a simple fix, at least for now, since authentication with the cloud of both Apple and the other affected companies is based on standards common throughout the industry. It doesn't seem to be something that can be solved with an update.
However, the Financial Times gives a solution to Pegasus. Restoring an Apple device to factory settings will not solve the problem, since the spyware clones the access credentials. The only way to break its access is to change the passwords used to access the services. That "cancels the viability of the replicated authentication token until Pegasus is deployed again."
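The point about replicated tokens, as an added example that is not part of the original article or of the documentation it cites: a toy model of bearer-token sessions showing why a copied token keeps working after two-factor sign-in and after a device reset, and stops working after a password change. The `CloudService` class, its methods and the account values are hypothetical, and revoking tokens through a per-account epoch counter is an assumption made for illustration.

```python
import secrets

class CloudService:
    """Toy provider (hypothetical model, not any vendor's real API)."""

    def __init__(self):
        self.accounts = {}   # user -> [password, credential_epoch]
        self.tokens = {}     # bearer token -> (user, epoch when issued)

    def register(self, user, password):
        self.accounts[user] = [password, 0]

    def login(self, user, password, second_factor_ok):
        # Password and second factor are checked only here, at sign-in.
        stored, epoch = self.accounts[user]
        if not (secrets.compare_digest(stored, password) and second_factor_ok):
            raise PermissionError("login rejected")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, epoch)
        return token

    def token_valid(self, token):
        # Bearer check: whoever presents the token is treated as the user.
        entry = self.tokens.get(token)
        return entry is not None and self.accounts[entry[0]][1] == entry[1]

    def change_password(self, user, new_password):
        # Bumping the epoch invalidates every token issued before the change.
        self.accounts[user] = [new_password, self.accounts[user][1] + 1]


def demo():
    svc = CloudService()
    svc.register("alice", "old-pass")      # constructed sample account
    device = {"token": svc.login("alice", "old-pass", second_factor_ok=True)}
    copied = device["token"]               # stands in for the replicated credential
    before = svc.token_valid(copied)
    device.clear()                         # factory reset wipes only the handset
    after_reset = svc.token_valid(copied)
    svc.change_password("alice", "new-pass")
    after_change = svc.token_valid(copied)
    fresh = svc.token_valid(svc.login("alice", "new-pass", second_factor_ok=True))
    return before, after_reset, after_change, fresh


if __name__ == "__main__":
    print(demo())
```

The server-side state is what matters: the reset touches only the handset's copy, while the password change alters what the service accepts.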