SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Pegasus spyware could target iOS devices, says Group-IB
Thu, 21st Mar 2024

Global cybersecurity leader, Group-IB, recently published an enlightening blog analysing the dangerous Pegasus spyware. Pegasus, a tool created by the NSO Group for hidden cyber espionage, exploits zero-day vulnerabilities to infiltrate devices, challenging the cybersecurity of iOS products usually renowned for their impregnable fortifications.

The detailed assessment by Group-IB reveals the modus operandi and alarming capabilities of Pegasus. It also explores the wider vulnerability panorama of iOS, analysing flaws in applications such as iMessage and assessing Apple's security features such as BlastDoor and Lockdown Mode. The insights exposed promote better detection and counteractive strategies against Pegasus and similar spyware.

With the first recorded Pegasus attack dating back to August 2016, the spyware silently accesses sensitive information, such as messages, GPS data, device data, and audio logs from the infected devices. Infamously, Pegasus can also remotely activate the device's camera and microphone, converting the device into a potent illegal surveillance instrument.

Founded in 2010, NSO Group continually innovates its methods of unwarranted intrusions into devices. Pegasus, an example of the company's ingenuity, can infiltrate both iOS and Android devices primarily via quick messaging platforms such as SMS, WhatsApp, and iMessage, enabling effortless device invasions without the user's awareness. This poses a significant risk to the privacy and security of both individuals and organisations.

Pegasus' effectiveness lies in its strategic design utilising zero-day vulnerabilities, code obfuscation, and encryption. Once installed, it evolves continually to adapt to device settings and configurations. For an added layer of security, if exposed or deemed obsolete, it can uninstall itself or self-destruct.

Despite the rarity of Pegasus-style attacks, the ensuing risks for iOS users are very real. Over time, to enhance user experience, iOS has evolved into an increasingly complex and open system, sometimes at the expense of security. For example, flaws in the design of the iMessage application were left unprotected by the system's sandbox mechanisms.

This oversight wasn't adequately addressed in iOS 14 with its BlastDoor security feature, requiring the implementation of a 'Lockdown Mode' mechanism. Nonetheless, continued vulnerabilities might encourage users to disable iMessage entirely, especially considering no existent mechanisms for direct examination of infected devices.

As part of a wider pre-emptive strategy, Group-IB detailed an approach to examine potential infections without interacting with a compromised device directly. This process, in conjunction with open-source tools such as the Mobile Verification Toolkit, can potentially help detect not only Pegasus but also spyware created for Operation Triangulation, Predator Spyware and more.

Alerts to an infected device could include slower device performance, spontaneous reboots or shutdowns, rapid battery drain, unsolicited reappearance of previously uninstalled apps, and unexpected redirects to unfamiliar websites. To minimise the risk of infection, Group-IB encourages device users to maintain updated devices, scrutinise app permissions, and employ all available protection measures. Using the latest versions of iOS and disabling iMessage and FaceTime can also provide improved security.

Businesses, particularly those handling sensitive data or financial transactions, must place strong emphasis on the security of their mobile devices, applications, and APIs. Group-IB's Threat Intelligence aids organisations worldwide to identify cyber threats in numerous environments, offering continuous updates on new and prior cyber attacks as well as the stratagems, techniques, and behaviours of threat actors.

Experts from Group-IB's Digital Forensics team are also on hand to offer immediate support should an iOS or Android device be compromised by spyware such as Pegasus. They can assist with device analysis and the establishment of additional security measures, ensuring the most up-to-date defence mechanisms are in place for protection against cyber threats.