Tech

Pegasus: Google reveals how Pegasus was used to hack iPhone – Times of India

December 22, 2021
Bharat Times English News

Earlier this year, it was reported that the Israel-based firm NSO Group It was imposed by governments to target activists, politicians and journalists. NSO Group is notorious for selling hacking solutions to high-profile clients. firm used Pegasus — a spyware package — which involves hacking a smartphone iphone, Since the report surfaced, the US has banned companies from doing any business with NSO Group, while Apple The firm has also been sued. Now, Google A blog has explained in detail how Pegasus was used to hack iPhones.

how hacking starts

In a blog post, Google explained that NSO offers zero-click exploit technology. In zero-click attack, the hacker does not send phishing messages or suspicious links as it works silently in the background. “Short of not using the device, there is no way to prevent an exploit by a zero-click exploit; it is a weapon against which there is no defense,” said Google’s Project Zero team that analyzes cybersecurity threats and On iPhones, Google said, the initial entry point for Pegasus is iMessage. So if an attacker has an AppleID username or phone number, they can target a victim.


Using the Fake GIF Trick

The victim will get a GIF file but in fact, while there is a .gif at the end of the file name, it is not actually a GIF file. “Using this “fake gif” trick, more than 20 image codecs are suddenly part of the iMessage zero-click attack surface, including some very obscure and complex formats that can remotely convert hundreds of thousands of lines of code. expose,” Google explained. According to Google, Apple has completely removed the GIF codepath that could lead to such attacks with iOS 15 in September 2021.
using excessive compression
Gone are the days when bandwidth or storage used to be a big issue. However, compression techniques were used in the 90s and are still being used. Google says that in the 90s, an image codec called JBIG2 was used to compress images where pixels could only be black or white. A few years ago a lot of PDF files were likely to have a JBIG 2 stream in PDF. There are a lot of old algorithms that are still being used, which are used for attacks like Pegasus.
In an interview with Wired, Project Zero’s Ian Beer and Samuel Gross said that hacking is the equivalent of elite national level espionage. “It equates to serious nation-state capabilities,” he says. “It’s really sophisticated stuff, and when it’s powered by an all-gas, no-brake autocrat, it’s absolutely terrifying. And it makes you wonder what else is being used right now.” Still waiting to be discovered. If civil society is facing such danger, it is really an emergency.”

,