Tuesday 7th September 2021

BLOG: What Is Pegasus?

On Monday, spyware researchers obtained what is believed to be a new exploit from NSO Group’s Pegasus surveillance tool, which was at the centre of controversy in July after a multipart worldwide investigation, the Pegasus Project, conducted by over 15 media publications. This new exploit appears to target iPhones and other iOS devices through iMessage. Apple has issued a patch to block and close the exploit discovered by researchers, who said they found the hack in the iPhone records of a Saudi political activist and alerted the company to the problem. This is the first time since 2019 that the malicious code used in a Pegasus hack has been discovered by researchers, and it offers new insights into the company’s techniques.

Pegasus is spyware developed by NSO Group that affects iOS and Android devices, allowing operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones. The revelations of the Pegasus Project earlier this year suggest that the current Pegasus software can exploit all recent iOS versions up to iOS 14.6. Pegasus utilises zero-day vulnerabilities in software. Previously, Pegasus infiltrated people’s smartphones via a clickable link, but the evolution of this spyware now allows it onto the phone without any user interaction, via a zero-click attack.

NSO Group is the developer of the Pegasus spyware and states that the software cannot be traced back to the government using it, which is a significant and central feature for covert operations. NSO Group makes products that allow governments to spy on citizens. The company defines the role of its products on its website as helping “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” during terrorism and criminal investigations. The company told a media publication that it works only with government agencies, and that it will remove access from agencies or other organisations it discovers to be abusing its products; the company claimed it has indeed revoked access for misuse of its products before.
An Amnesty International statement raised the concern that the company may be providing spyware to oppressive governments, where government agencies cannot be trusted to act in the best interests of their citizens. Forensic analysis of a small number of phones whose numbers appeared on the leaked list also showed that more than half had traces of the Pegasus spyware.

This is not NSO Group’s first controversy over the course of the last decade, leading many to argue that NSO’s software has been used improperly. The intended target or targets in this situation are unclear to date. However, much of the reporting centres around a list containing 50,000 phone numbers, with no clear reason for the list’s existence. The Pegasus Project analysed the numbers on the list and linked over 1,000 of them to their owners. It was discovered that the list included people who, under the standards NSO holds its clients to, should have been off-limits to government spying, such as business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, hundreds of politicians and government workers, 3 presidents, 10 prime ministers and a king, as well as 189 journalists and 85 human rights activists. The list also contains the numbers of close family members of one nation’s leader. NSO Group claimed that the list has nothing to do with them or their business, and that the list comes from a simple database of cellular numbers that is an aspect of the global cellular network.

One of the media publications involved in the investigation of Pegasus explained that the list does not include information about who added numbers to it, nor whether the individuals linked to the numbers were under surveillance. The investigation suggests widespread and continuing abuse of NSO’s hacking spyware. The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subjected to an attempted hack. However, the consortium believes the data is indicative of the potential targets that NSO’s government clients identified in advance of possible surveillance attempts.
