For almost every iPhone owner on the planet, their only connection with the “Pegasus” spyware will be in the form of a critical iOS update which Apple issued late yesterday evening.
The update will prevent what security experts are calling the “most sophisticated” attack on a smartphone they’ve ever seen.
Developed by a secretive intelligence company called NSO Group, Pegasus effectively allowed its operator to launch a malware attack on any iPhone and gain access to the information inside it.
The software was only discovered when prominent human rights defender Ahmed Mansoor received a suspicious-looking text message and alerted Bill Marczak, a researcher at Citizen Lab.
What is “Pegasus”?
Pegasus is simply the name of the piece of software that launches the attack on the targeted iPhone.
It would send an SMS text message to the targeted iPhone containing some text and a link which the user would be persuaded to tap on.
Once the malware was downloaded, it would take advantage of three ‘zero-day’ vulnerabilities, which have since been codenamed “Trident”. This three-pronged attack would then give the actor access to apps including Gmail, Skype, Facebook, WhatsApp and more.
The rarity of this is significant. The term ‘zero-day’ simply describes a weak spot in a piece of software that had been previously unknown to the authorities, so to have a piece of software that used not one, but three of these was surprising.
Security firm Lookout worked closely with Apple the moment the discovery was made and described it as “the most sophisticated attack we’ve seen on any endpoint.”
It was an attack so comprehensive that Lookout claimed they had never seen anything like it before in the wild.
Who is using it and who are the targets?
No-one really knows, although security researchers have speculated that because of the sheer cost of the software ($8m for just 300 licences), the buyers are likely to be well-funded intelligence agencies.
In the case of Ahmed Mansoor, Marczak believes that the culprit was most likely the UAE, based on the simple fact that they’ve targeted him before.
Other targets around the world would have included prominent activists who are campaigning against their government’s regime, journalists and corporate CEOs.
Who are NSO Group?
So who exactly are the secretive group that created “Pegasus”?
Motherboard have done a superb investigation into NSO Group’s origins that’s well worth reading, but even after significant digging it becomes clear that this is an organisation that does not want the spotlight.
Based out of Israel, all that’s really known about them is that they’re US-owned, probably worked with US authorities on the Stuxnet virus and, according to them, only sell to governmental agencies.