Technical Analysis of Pegasus spyware

Akilnath Bodipudi
2 min read · Jul 25, 2021

For the past few days, the Pegasus spyware has been the talk of the town. It was developed by the Israel-based company NSO. There are many allegations against NSO: Android and iOS phones can be hacked with zero-day exploits, with data stolen and privacy breached by the attackers, without the victims ever realizing that their data has been compromised.

What is Pegasus?

Pegasus is spyware delivered through zero-day exploits that intrudes into Android phones and even into iOS phones.
It can be installed remotely without the surveillance target ever having to open a document or a website link, according to the Washington Post.
Pegasus reveals everything to the NSO customers who control it — text messages, photos, emails, videos, contact lists — and can record phone calls. It can also secretly turn on a phone’s microphone and cameras to create new recordings, the Washington Post said.

How does the Spyware Attack process work?

In general, there are only two stages in this type of remote code injection attack.
Step 1: Target and Jailbreak
The spyware is installed using a remote code execution technique, so anyone can become a victim without their knowledge. Once Pegasus is installed on the phone, the attacker gains full control of the OS kernel.
With root-level access, it can overwrite software and manipulate the kernel to collect logs and built-in code.

Step 2: Espionage software
The attacker can encrypt and decrypt the executable for further execution of the code. The architecture of the OS (32-bit or 64-bit) also plays a role in how the code is implemented. The attacker then hooks the spyware or other applications into the targeted user's device without their consent.
A careful attacker tries to remove as many of their footprints as possible. In this process, the attacker even checks whether there is another jailbreak on the device and, if so, removes that method of access as well, such as access via SSH.

How can I tell if my phone has been infected by Pegasus or other spyware tools?

Amnesty International released on GitHub an open-source utility called MVT (Mobile Verification Toolkit), designed to detect traces of Pegasus.
The software runs on a personal computer and analyzes data, including backup files exported from an iPhone or Android phone, but it is a bit tricky to use. There are a few recommendations for checking your phone's status against Pegasus. This is a very useful resource for both Android and iPhones.
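As an added illustration of the kind of check a backup-analysis tool like MVT performs (this is example code written for this post, not MVT's own code): domain indicators given in STIX2 pattern form are matched against the URLs recorded in a phone backup's browser history. The indicator domains and history rows are constructed placeholders, not real Pegasus indicators, and the table layout is assumed to resemble Safari's history_items table.

```python
"""Constructed example: match STIX2 domain indicators against the browser
history found in a phone backup. Not MVT's code; placeholders, not real IoCs."""
import sqlite3
from urllib.parse import urlparse

# STIX2 indicator patterns of the form MVT consumes; values are placeholders.
INDICATORS = [
    "[domain-name:value = 'spy-placeholder.example']",
    "[domain-name:value = 'cdn.spy-placeholder.example']",
]


def parse_domain_indicators(patterns):
    """Extract the domain values from STIX2 'domain-name:value' patterns."""
    domains = set()
    for pattern in patterns:
        if "domain-name:value" in pattern:
            domains.add(pattern.split("'")[1].lower())
    return domains


def build_sample_history(conn):
    """Create a table shaped like Safari's history_items (assumed layout) with constructed rows."""
    conn.execute(
        "CREATE TABLE history_items (id INTEGER PRIMARY KEY, url TEXT, visit_count INTEGER)"
    )
    conn.executemany(
        "INSERT INTO history_items (url, visit_count) VALUES (?, ?)",
        [
            ("https://www.wikipedia.org/", 4),
            ("https://cdn.spy-placeholder.example/x?id=1", 1),  # constructed hit
            ("https://mail.example.org/inbox", 9),
        ],
    )


def check_history(conn, domains):
    """Return URLs whose host equals an indicator domain or is a subdomain of one."""
    hits = []
    for (url,) in conn.execute("SELECT url FROM history_items"):
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append(url)
    return hits


def run_check():
    """Build the constructed backup history in memory and scan it."""
    conn = sqlite3.connect(":memory:")
    build_sample_history(conn)
    return check_history(conn, parse_domain_indicators(INDICATORS))


if __name__ == "__main__":
    for matched_url in run_check():
        print("indicator match:", matched_url)
```

A real tool also covers other backup artifacts (SMS attachments, process lists, network data), but the matching logic is the same idea.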

Akilnath Bodipudi

CyberPunk who always wanted to explore new horizons over cyber space. Doing pen testing into my own network systems for detecting the vulnerabilities.