PEGASUS SPYWARE (Syllabus: GS Paper 3 – Internal Security)

News-CRUX-10     29th December 2023        

Context: A forensic investigation by Amnesty

Pegasus Spyware

  • Origin: Pegasus is spyware designed by the Israeli firm NSO Group to infiltrate both Android and iOS smartphones and turn them into surveillance devices.
  • Targeted: Pegasus is employed for targeted spying on criminals and terrorists rather than for mass surveillance.
  • Undiscovered Vulnerabilities: It operates by exploiting undisclosed vulnerabilities or bugs, enabling it to infect phones even with the latest security patches.

Zero-Click Exploit

  • About: It is malicious software that allows spyware to be installed on a device without the device owner’s consent. 

      o It doesn’t require the device owner to perform any actions to initiate or complete the installation.

      o To compare, regular apps may require a user to click ‘install’, ‘confirm’, etc. to complete an installation.

  • Exploit Identification: The exploit allegedly employed on the two devices is known as "BLASTPAST" (formerly recognized as "BLASTPASS").

      o Two-Phase Operation:

      o Phase One: In the first phase, the attack attempts to establish a connection with Apple HomeKit on the target's device; HomeKit offers a means to control various smart devices.

      o Phase Two: In the second phase, malicious content is sent to the target via the iMessage app, which delivers the full spyware "payload."

Indian journalists were among those “recently targeted with Pegasus spyware on their iPhones”.