Google explains how NSO Group hacked into iPhones using Pegasus spyware

NSO Group’s spyware, Pegasus, has made headlines for being used by governments to spy on hundreds of journalists, activists, academicians, businessmen and government officials around the world. Now, Google, in a detailed blog post, has explained how the spyware was used for hacking into iPhones without users’ knowledge.

In a blog post by the Project Zero team, Google called the hack “one of the most technically sophisticated exploits”. The company also said that this hack demonstrates that the NSO Group’s Pegasus software has spyware capabilities that were previously thought to be accessible to only a handful of nation states.

How Pegasus hacks into iPhones

Google said that earlier the one-click exploit required the target to click on the phishing link for the hack to work. But now, the NSO Group is offering its clients zero-click exploitation technology, which requires no user interaction at all. Simply said, the attacker doesn’t need to send phishing messages. Instead, the exploit just works silently in the background. “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense,” Google wrote in the post.

How this exploit works is simple. The hack uses support for GIF files in iMessage to target users. As a part of the hack, the hackers insert a PDF file into an iPhone by disguising it in the form of a GIF. After that, a vulnerability in the compression tool for PDFs is used to process text in images, following which it builds a virtual computer inside the iPhone that acts as a command centre and sends instructions to carry out the hack.

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent,” the company added.

What is worrisome is that hackers just need the phone number of the Apple ID of the target to hack into the iPhone without letting the user know.

How to protect yourself from this hack?

The good news is that Apple has already fixed this vulnerability in the iOS update that was released on September 13, 2021. So, all you need to do is update your iPhone to the latest available OS update.

The post Google explains how NSO Group hacked into iPhones using Pegasus spyware appeared first on BGR India.

Go to Source

Leave a Reply

Your email address will not be published.