
Google explains how NSO Group hacked into iPhones using Pegasus spyware

Apple has already fixed this vulnerability in the iOS update that was released on September 13, 2021.


NSO Group’s spyware, Pegasus, has made headlines for being used by governments to spy on hundreds of journalists, activists, academicians, businessmen and government officials around the world. Now, Google, in a detailed blog post, has explained how the spyware was used for hacking into iPhones without users’ knowledge.

In a blog post by the Project Zero team, Google called the hack “one of the most technically sophisticated exploits”. The company also said that this hack demonstrates that the NSO Group’s Pegasus software has spyware capabilities that were previously thought to be accessible to only a handful of nation states.

How Pegasus hacks into iPhones

Google said that the earlier one-click exploit required the target to click on a phishing link for the hack to work. But now, the NSO Group is offering its clients zero-click exploitation technology, which requires no user interaction at all. Simply put, the attacker doesn’t need to send phishing messages. Instead, the exploit just works silently in the background. “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense,” Google wrote in the post.

How this exploit works is simple. The hack uses iMessage’s support for GIF files to target users. As a part of the hack, the attackers deliver a PDF file to an iPhone by disguising it as a GIF. A vulnerability in the PDF compression tool, which is used to process text in images, is then exploited, after which the exploit builds a virtual computer inside the iPhone that acts as a command centre and sends instructions to carry out the hack.

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent,” the company added.

What is worrisome is that hackers need only the target’s phone number or Apple ID to hack into the iPhone without letting the user know.

How to protect yourself from this hack?

The good news is that Apple has already fixed this vulnerability in the iOS update that was released on September 13, 2021. So, all you need to do is update your iPhone to the latest available iOS version.

  • Published Date: December 20, 2021 1:52 PM IST
