Pegasus spyware breaks society's most fundamental currency - Trust

SHARE:

Twitter Facebook Google Pinterest
0 0 Edit this post

The Pegasus spyware is perhaps the most dangerous ever invented, which can break social trust significantly.

SHARE:

Twitter Facebook Google Pinterest

Pegasus spyware breaks society's most fundamental currency - Trust
  • Project Pegasus: The Israeli spyware, revealed to have been used to target hundreds of phones in India, has grown less reliant on clicks. Pegasus can infect a device without the target’s engagement or knowledge. In November 2019, a tech reporter from New York City photographed an interception device displayed at Milipol, a trade show on homeland security in Paris. The exhibitor, NSO Group, placed the hardware at the back of a van, perhaps suggesting convenience of portability, and said it would not work on US phone numbers, possibly due to a self-imposed restriction by the firm.
  • Evolution: Since the Israeli cyber giant was founded in 2010, that was probably the first time an NSO-made portable Base Transceiver Station (BTS) was featured in a media report. A BTS — or ‘rogue cell tower’ or ‘IMSI Catcher’ or ‘stingray’ — impersonates legitimate cellular towers and forces mobile phones within a radius to connect to it, so that the intercepted traffic can be manipulated by an attacker. The BTS photographed in 2019 was composed of horizontally-stacked cards, likely to allow interception over multiple frequency bands.
  1. The other option is to leverage access to the target’s mobile operator itself. In that scenario, an attacker would not need any rogue cell tower but would rely on the regular network infrastructure for manipulation.
  2. Either way, the capability of launching ‘network injection’ attacks — performed remotely without the target’s engagement (hence, also called zero-click) or knowledge —gave Pegasus, NSO Group’s flagship product, an unique edge over its competitors in the global spyware market.
  • Global investigation: Pegasus is now at the centre of a global collaborative investigative project that has found that the spyware was used to target, among others, hundreds of mobile phones in India.
  • How is Pegasus unique: Pegasus a.k.a. Q Suite, marketed by the NSO Group aka Q Cyber Technologies as “a world-leading cyber intelligence solution that enables law enforcement and intelligence agencies to remotely and covertly extract” data “from virtually any mobile devices”, was developed by veterans of Israeli intelligence agencies. Until early 2018, NSO Group clients primarily relied on SMS and WhatsApp messages to trick targets into opening a malicious link, which would lead to infection of their mobile devices. A Pegasus brochure described this as Enhanced Social Engineering Message (ESEM). When a malicious link packaged as ESEM is clicked, the phone is directed to a server that checks the operating system and delivers the suitable remote exploit.
  1. In its October 2019 report, Amnesty International first documented use of ‘network injections’ which enabled attackers to install the spyware “without requiring any interaction by the target”. Pegasus can achieve such zero-click installations in various ways. One over-the-air (OTA) option is to send a push message covertly that makes the target device load the spyware, with the target unaware of the installation over which she anyway has no control.
  2. This, a Pegasus brochure brags, is “NSO uniqueness, which significantly differentiates the Pegasus solution” from any other spyware available in the market.
  • Vulnerable devices: All devices are open to hacking! iPhones have been widely targeted with Pegasus through Apple’s default iMessage app and the Push Notification Service (APNs) protocol upon which it is based. The spyware can impersonate an application downloaded to an iPhone and transmit itself as push notifications via Apple’s servers. In August 2016, the Citizen Lab, an interdisciplinary laboratory based at the University of Toronto, reported the existence of Pegasus to cyber security firm Lookout, and the two flagged the threat to Apple. In April 2017, Lookout and Google released details on an Android version of Pegasus. In October 2019, WhatsApp blamed the NSO Group for exploiting a vulnerability in its video-calling feature. “A user would receive what appeared to be a video call, but this was not a normal call. After the phone rang, the attacker secretly transmitted malicious code in an effort to infect the victim’s phone with spyware. The person did not even have to answer the call,” WhatsApp chief Will Cathcart said.
  • Total control: Once infected, a phone becomes a digital spy under the attacker’s complete control. Upon installation, Pegasus contacts the attacker’s command and control (C&C) servers to receive and execute instructions and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls (even those via end-to-end-encrypted messaging apps). The attacker can control the phone’s camera and microphone, and use the GPS function to track a target.  To avoid extensive bandwidth consumption that may alert a target, Pegasus sends only scheduled updates to a C&C server. The spyware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by the attacker, when and if necessary.
  • How to save yourself: Smart cyber hygiene can safeguard against ESEM baits. But when Pegasus exploits a vulnerability in one’s phone’s operating system, there is nothing one can do to stop a network injection. Worse, one will not even be aware of it unless the device is scanned at a digital security lab. Switching to an archaic handset that allows only basic calls and messages will certainly limit data exposure, but may not significantly cut down infection risk. Any alternative devices used for emails and apps will remain vulnerable unless one forgoes using those essential services altogether. The best one can do is to stay up to date with every operating system update and security patch released by device manufacturers, and hope that zero-day attacks become rarer.
  • Summary: Since the spyware resides in the hardware, the attacker will have to successfully infect the new device every time one changes. That may pose both logistical (cost) and technical (security upgrade) challenges. Unless one is up against unlimited resources, usually associated with state power.


Join PT courses | PT Youtube | PT App Contribute Testimonials 

Labels:

COMMENTS

DISQUS
Name

01-01-2020,1,04-08-2021,1,05-08-2021,1,06-08-2021,1,28-06-2021,1,Abrahamic religions,6,Afganistan,1,Afghanistan,35,Afghanitan,1,Afghansitan,1,Africa,2,Agri tech,2,Agriculture,150,Ancient and Medieval History,51,Ancient History,4,Ancient sciences,1,April 2020,25,April 2021,22,Architecture and Literature of India,11,Armed forces,1,Art Culture and Literature,1,Art Culture Entertainment,2,Art Culture Languages,3,Art Culture Literature,10,Art Literature Entertainment,1,Artforms and Artists,1,Article 370,1,Arts,11,Athletes and Sportspersons,2,August 2020,24,August 2021,239,August-2021,3,Authorities and Commissions,4,Aviation,3,Awards and Honours,26,Awards and HonoursHuman Rights,1,Banking,1,Banking credit finance,13,Banking-credit-finance,19,Basic of Comprehension,2,Best Editorials,4,Biodiversity,46,Biotechnology,47,Biotechology,1,Centre State relations,19,CentreState relations,1,China,81,Citizenship and immigration,24,Civils Tapasya - English,92,Climage Change,3,Climate and weather,44,Climate change,60,Climate Chantge,1,Colonialism and imperialism,3,Commission and Authorities,1,Commissions and Authorities,27,Constitution and Law,467,Constitution and laws,1,Constitutional and statutory roles,19,Constitutional issues,128,Constitutonal Issues,1,Cooperative,1,Cooperative Federalism,10,Coronavirus variants,7,Corporates,3,Corporates Infrastructure,1,Corporations,1,Corruption and transparency,16,Costitutional issues,1,Covid,104,Covid Pandemic,1,COVID VIRUS NEW STRAIN DEC 2020,1,Crimes against women,15,Crops,10,Cryptocurrencies,2,Cryptocurrency,7,Crytocurrency,1,Currencies,5,Daily Current Affairs,453,Daily MCQ,32,Daily MCQ Practice,573,Daily MCQ Practice - 01-01-2022,1,Daily MCQ Practice - 17-03-2020,1,DCA-CS,286,December 2020,26,Decision Making,2,Defence and Militar,2,Defence and Military,281,Defence forces,9,Demography and Prosperity,36,Demonetisation,2,Destitution and poverty,7,Discoveries and Inventions,8,Discovery and Inventions,1,Disoveries and Inventions,1,Eastern religions,2,Economic & Social Development,2,Economic Bodies,1,Economic treaties,5,Ecosystems,3,Education,119,Education and employment,5,Educational institutions,3,Elections,37,Elections in India,16,Energy,134,Energy laws,3,English Comprehension,3,Entertainment Games and Sport,1,Entertainment Games and Sports,33,Entertainment Games and Sports – Athletes and sportspersons,1,Entrepreneurship and startups,1,Entrepreneurships and startups,1,Enviroment and Ecology,2,Environment and Ecology,228,Environment destruction,1,Environment Ecology and Climage Change,1,Environment Ecology and Climate Change,458,Environment Ecology Climate Change,5,Environment protection,12,Environmental protection,1,Essay paper,643,Ethics and Values,26,EU,27,Europe,1,Europeans in India and important personalities,6,Evolution,4,Facts and Charts,4,Facts and numbers,1,Features of Indian economy,31,February 2020,25,February 2021,23,Federalism,2,Flora and fauna,6,Foreign affairs,507,Foreign exchange,9,Formal and informal economy,13,Fossil fuels,14,Fundamentals of the Indian Economy,10,Games SportsEntertainment,1,GDP GNP PPP etc,12,GDP-GNP PPP etc,1,GDP-GNP-PPP etc,20,Gender inequality,9,Geography,10,Geography and Geology,2,Global trade,22,Global treaties,2,Global warming,146,Goverment decisions,4,Governance and Institution,2,Governance and Institutions,773,Governance and Schemes,221,Governane and Institutions,1,Government decisions,226,Government Finances,2,Government Politics,1,Government schemes,358,GS I,93,GS II,66,GS III,38,GS IV,23,GST,8,Habitat destruction,5,Headlines,22,Health and medicine,1,Health and medicine,56,Healtha and Medicine,1,Healthcare,1,Healthcare and Medicine,98,Higher education,12,Hindu individual editorials,54,Hinduism,9,History,216,Honours and Awards,1,Human rights,249,IMF-WB-WTO-WHO-UNSC etc,2,Immigration,6,Immigration and citizenship,1,Important Concepts,68,Important Concepts.UPSC Mains GS III,3,Important Dates,1,Important Days,35,Important exam concepts,11,Inda,1,India,29,India Agriculture and related issues,1,India Economy,1,India's Constitution,14,India's independence struggle,19,India's international relations,4,India’s international relations,7,Indian Agriculture and related issues,9,Indian and world media,5,Indian Economy,1248,Indian Economy – Banking credit finance,1,Indian Economy – Corporates,1,Indian Economy.GDP-GNP-PPP etc,1,Indian Geography,1,Indian history,33,Indian judiciary,119,Indian Politcs,1,Indian Politics,637,Indian Politics – Post-independence India,1,Indian Polity,1,Indian Polity and Governance,2,Indian Society,1,Indias,1,Indias international affairs,1,Indias international relations,30,Indices and Statistics,98,Indices and Statstics,1,Industries and services,32,Industry and services,1,Inequalities,2,Inequality,103,Inflation,33,Infra projects and financing,6,Infrastructure,252,Infrastruture,1,Institutions,1,Institutions and bodies,267,Institutions and bodies Panchayati Raj,1,Institutionsandbodies,1,Instiutions and Bodies,1,Intelligence and security,1,International Institutions,10,international relations,2,Internet,11,Inventions and discoveries,10,Irrigation Agriculture Crops,1,Issues on Environmental Ecology,3,IT and Computers,23,Italy,1,January 2020,26,January 2021,25,July 2020,5,July 2021,207,June,1,June 2020,45,June 2021,369,June-2021,1,Juridprudence,2,Jurisprudence,91,Jurisprudence Governance and Institutions,1,Land reforms and productivity,15,Latest Current Affairs,1136,Law and order,45,Legislature,1,Logical Reasoning,9,Major events in World History,16,March 2020,24,March 2021,23,Markets,182,Maths Theory Booklet,14,May 2020,24,May 2021,25,Meetings and Summits,27,Mercantilism,1,Military and defence alliances,5,Military technology,8,Miscellaneous,454,Modern History,15,Modern historym,1,Modern technologies,42,Monetary and financial policies,20,monsoon and climate change,1,Myanmar,1,Nanotechnology,2,Nationalism and protectionism,17,Natural disasters,13,New Laws and amendments,57,News media,3,November 2020,22,Nuclear technology,11,Nuclear techology,1,Nuclear weapons,10,October 2020,24,Oil economies,1,Organisations and treaties,1,Organizations and treaties,2,Pakistan,2,Panchayati Raj,1,Pandemic,137,Parks reserves sanctuaries,1,Parliament and Assemblies,18,People and Persoalities,1,People and Persoanalities,2,People and Personalites,1,People and Personalities,189,Personalities,46,Persons and achievements,1,Pillars of science,1,Planning and management,1,Political bodies,2,Political parties and leaders,26,Political philosophies,23,Political treaties,3,Polity,485,Pollution,62,Post independence India,21,Post-Governance in India,17,post-Independence India,46,Post-independent India,1,Poverty,46,Poverty and hunger,1,Prelims,2054,Prelims CSAT,30,Prelims GS I,7,Prelims Paper I,189,Primary and middle education,10,Private bodies,1,Products and innovations,7,Professional sports,1,Protectionism and Nationalism,26,Racism,1,Rainfall,1,Rainfall and Monsoon,5,RBI,73,Reformers,3,Regional conflicts,1,Regional Conflicts,79,Regional Economy,16,Regional leaders,43,Regional leaders.UPSC Mains GS II,1,Regional Politics,149,Regional Politics – Regional leaders,1,Regionalism and nationalism,1,Regulator bodies,1,Regulatory bodies,63,Religion,44,Religion – Hinduism,1,Renewable energy,4,Reports,102,Reports and Rankings,119,Reservations and affirmative,1,Reservations and affirmative action,42,Revolutionaries,1,Rights and duties,12,Roads and Railways,5,Russia,3,schemes,1,Science and Techmology,1,Science and Technlogy,1,Science and Technology,819,Science and Tehcnology,1,Sciene and Technology,1,Scientists and thinkers,1,Separatism and insurgencies,2,September 2020,26,September 2021,444,SociaI Issues,1,Social Issue,2,Social issues,1308,Social media,3,South Asia,10,Space technology,70,Startups and entrepreneurship,1,Statistics,7,Study material,280,Super powers,7,Super-powers,24,TAP 2020-21 Sessions,3,Taxation,39,Taxation and revenues,23,Technology and environmental issues in India,16,Telecom,3,Terroris,1,Terrorism,103,Terrorist organisations and leaders,1,Terrorist acts,10,Terrorist acts and leaders,1,Terrorist organisations and leaders,14,Terrorist organizations and leaders,1,The Hindu editorials analysis,58,Tournaments,1,Tournaments and competitions,5,Trade barriers,3,Trade blocs,2,Treaties and Alliances,1,Treaties and Protocols,43,Trivia and Miscalleneous,1,Trivia and miscellaneous,43,UK,1,UN,114,Union budget,20,United Nations,6,UPSC Mains GS I,584,UPSC Mains GS II,3969,UPSC Mains GS III,3071,UPSC Mains GS IV,191,US,63,USA,3,Warfare,20,World and Indian Geography,24,World Economy,404,World figures,39,World Geography,23,World History,21,World Poilitics,1,World Politics,612,World Politics.UPSC Mains GS II,1,WTO,1,WTO and regional pacts,4,अंतर्राष्ट्रीय संस्थाएं,10,गणित सिद्धान्त पुस्तिका,13,तार्किक कौशल,10,निर्णय क्षमता,2,नैतिकता और मौलिकता,24,प्रौद्योगिकी पर्यावरण मुद्दे,15,बोधगम्यता के मूल तत्व,2,भारत का प्राचीन एवं मध्यकालीन इतिहास,47,भारत का स्वतंत्रता संघर्ष,19,भारत में कला वास्तुकला एवं साहित्य,11,भारत में शासन,18,भारतीय कृषि एवं संबंधित मुद्दें,10,भारतीय संविधान,14,महत्वपूर्ण हस्तियां,6,यूपीएससी मुख्य परीक्षा,91,यूपीएससी मुख्य परीक्षा जीएस,117,यूरोपीय,6,विश्व इतिहास की मुख्य घटनाएं,16,विश्व एवं भारतीय भूगोल,24,स्टडी मटेरियल,266,स्वतंत्रता-पश्चात् भारत,15,
ltr
item
PT's IAS Academy: Pegasus spyware breaks society's most fundamental currency - Trust
Pegasus spyware breaks society's most fundamental currency - Trust
The Pegasus spyware is perhaps the most dangerous ever invented, which can break social trust significantly.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLavHcdcFhNMQpjTTOiPeDCLHintoL-hv7eJVUIQPr6X7-qILWBhYdoci8IF5M4TI1NOx-YZda2V_MbtdBhJOvXgrD2qpN5uR-MechLXC5SwDg3tSCzMaukgdyo4QfOrx7T2X0_xlGg8M/s16000/7.1.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLavHcdcFhNMQpjTTOiPeDCLHintoL-hv7eJVUIQPr6X7-qILWBhYdoci8IF5M4TI1NOx-YZda2V_MbtdBhJOvXgrD2qpN5uR-MechLXC5SwDg3tSCzMaukgdyo4QfOrx7T2X0_xlGg8M/s72-c/7.1.jpg
PT's IAS Academy
https://civils.pteducation.com/2021/07/Pegasus-spyware-breaks-societys-most-fundamental-currency-Trust-Prelims-UPSCMainsGSII-Humanrights-SocialIssues-ScienceandTechnology-IndianPolitics-July2021.html
https://civils.pteducation.com/
https://civils.pteducation.com/
https://civils.pteducation.com/2021/07/Pegasus-spyware-breaks-societys-most-fundamental-currency-Trust-Prelims-UPSCMainsGSII-Humanrights-SocialIssues-ScienceandTechnology-IndianPolitics-July2021.html
true
8166813609053539671
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow TO READ FULL BODHI... Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy