Pegasus spyware, developed by Israel’s NSO Group, has been used by several governments around the world to spy on journalists, activists, opposition leaders, ministers, lawyers and others. others. This spyware allegedly infiltrated the phones of at least 180 journalists around the world.
Recently, Google’s Project Zero team has revealed how this software attacks the iPhone. Project Zero has called attacks using Pegasus a highly sophisticated technical exploit and rates the software as comparable to previous spyware, believed to be accessible only by a few countries. .
According to Project Zero, Pegasus attacks on iPhones are possible due to the ForcedEntry exploit. NSO hackers took advantage of how iMessage handles GIF images to insert PDF files into iPhones, disguised as GIF images. Then, a vulnerability in the compression engine used to process text in images, was exploited by this software.
Pegasus can do it all without any action from the user, hence it is called a “zero-click” attack. This software only needs a phone number or Apple ID to send malicious files and then infiltrate the iPhone. As soon as the iPhone received the message, the hack worked without the user being aware of its presence on his device.
Researchers at Google’s Project Zero have described the NSO Group’s hack on the iPhone as “astonishing and terrifying”.
NSO has also faced numerous lawsuits, with Apple also suing the Israeli company after releasing patches and notifying customers. They were also banned in the US after the details of the spyware were revealed.