Pegasus and the Pocket Spy
2020-03-14Pegasus is spyware that can be installed on devices running some versions of iOS, Apple's mobile operating system, as well on devices running Android. It was developed by the Israeli cyberarms firm, NSO Group.
Discovered in August 2016 after a failed attempt at installing it on an iPhone belonging to a human rights activist, an investigation revealed details about the spyware, its abilities, and the security vulnerabilities it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, accessing the target device's microphone(s) and video camera(s),[1] and gathering information from apps.
Apple released version 9.3.5 of its iOS software to fix the vulnerabilities. News of the spyware caused significant media coverage. It was called the "most sophisticated" smartphone attack ever, and became the first time in iPhone history when a remote jailbreak exploit had been detected. The company that created the spyware, NSO Group, stated that they provide "authorized governments with technology that helps them combat terror and crime".
The two QualPwn vulnerabilities breakdown:
CVE-2019-10538 - a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel. Can be exploited by sending specially-crafted packets to a device's WLAN interface, which allows the attacker to run code with kernel privileges.
CVE-2019-10540 - a buffer overflow in the Qualcomm WLAN and modem firmware that ships with Qualcomm chips. Can be exploited by sending specially-crafted packets to an Android's device modem. This allows for code execution on the device.
The first issue was patched with a code fix in the Android operating system source code, while the second bug was patched with a code fix in Qualcomm's closed-source firmware that ships on a limited set of devices.
Tencent researchers said they only tested the QualPwn attacks on Google Pixel 2 and Pixel 3 devices, using Qualcomm Snapdragon 835 and Snapdragon 845 chips. There are millions of mobile phone sold with the snapdragon chipsets by several OEMs, powered with Qualcomm chipsets, they become vulnerable and can also be targeted by the hackers by making it as bots.
List of Smartphones with Snapdragon 845 SoC
1. Samsung Galaxy S9 & Galaxy S9 Plus
2. Sony Xperia XZ2 & XZ2 Compact
3. Xiaomi Mi 8
4. Meizu 16 & Meizu 16 Plus
5. OnePlus 6
6. Razer Phone 2
7. Asus Zenfone 5Z
8. Google Pixel 3 and Pixel 3 XL
9.Nokia 9 PureView
10.Vivo NEX S
Pegasus, created by NSO of Israel goes down as the deadliest tool made for compromising smartphones. The tales of Jamal Khassogi’s friend’s phone being compromised can send down chill through anybody’s spine. NSO is best known for marketing Pegasus. This is a highly invasive tool which is said to switch on a target’s cellphone camera & microphone and access it’s data. In real terms the phone is turned into a pocket spy. The Golden Age of espionage has begun.
What is could mean to the future of democracy need not be debated. The usage of this tool is to go through the Israeli govt. route. Facebook in October, owner of WhatsApp filed a suit against NSO in US levelling charges that this company has been using this popular messaging service as a platform to conduct cyber espionage. It claims this sort of an espionage was conducted on nearly 1,400 journalists, diplomats and human rights activists worldwide.
It’s been used as a political tool is the claim. Seniors officials of over 20 countries allied with US have reportedly been the targets of the hacking campaign. NSO on the other hand has the requested the court to sanction Facebook for $17,000 in legal fees. It challenges the basic premise of the lawsuit stating that it only provides software to governments with the only purpose of fighting terrorism and crime.
This seems to the replay of the FBI and Apple case, though this time both the parties to the case are private business entities. In the interplay of these two legendary companies comes the roles of governments and how data / fact / official work and approval is devised and taken through.Hence, the capability of being able to get, use and manipulate data by hook or by crook is turning out to be the winning combination. The legal battle will always be an after thought.
Lastly your own smartphone can be used in smart ways against you.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.