Ghanem al-Masarir: I mocked the Saudi leader on YouTube - then my phone was hacked and I was beaten up in London (www.bbc.com)
from floofloof@lemmy.ca to world@lemmy.world on 31 Jan 19:14
https://lemmy.ca/post/59624320

#world

whereIsTamara@lemmy.org on 31 Jan 19:36

Need to say what phone models he used

blue_skull@lemmy.world on 31 Jan 20:28

It says iPhone in the top image caption.

whereIsTamara@lemmy.org on 31 Jan 20:30

Oh shit so it does. Thanks

30p87@feddit.org on 31 Jan 23:57

I’ve seen remote hacks with Pegasus with three different models and ROMs, including a stock Pixel.

No one is safe. Except with TempleOS, maybe.

how_we_burned@lemmy.zip on 01 Feb 11:53

What about Murena? I wonder if it can defeat Pegasus’s hacks.

That said if I was going to criticise a violent regime like the House of Saud I’d be using a burner phone, and not accepting random messages.

The Pegasus hack reportedly uses an exploit in iMessage to execute unauthorised code.

northface@lemmy.ml on 01 Feb 17:16

Pegasus is a SaaS-style platform sold to nation state actors, criminal groups and other evil conspirators that want to spy on victim targets. NSO Group (or whatever they are called at the moment) acquires a variety of 0-day exploits for different phone vendors and models, both by developing their own and by buying them from black hats who make a living developing these and selling them to the highest bidder.

There is not a single “Pegasus exploit” but a whole array of them where the one that is used is selected based on the victim and target device. Naturally, when one exploit is discovered and fixed by the phone vendor, it cannot be used again on patched devices and new exploits have to be acquired.

One of the exploits that are known to have been used with Pegasus is indeed the iMessage 0-click vulnerability reported by the Google Zero initiative, but it didn’t require any user interaction. You only needed the victim device to receive the message with the exploit payload.

Sometimes, nation states themselves buy or develop 0-day exploits that are not reported to the software vendor, in the hope that they can be weaponized instead. See for example the “Stuxnet” attack against Iran, which was carried out by the USA and Israel using a critical vulnerability in Windows that had been unknown to the public for about a decade (which means that anybody else who found it during this time could use it against the general public as a consequence of it being kept secret).

AntiBullyRanger@ani.social on 31 Jan 22:20

stop using iPhones ╮(︶▽︶)╭

[deleted] on 01 Feb 01:35
.
AntiBullyRanger@ani.social on 01 Feb 02:44

I never said to get an Android either ╮(︶▽︶)╭

W98BSoD@lemmy.dbzer0.com on 01 Feb 17:40

So no iPhone or Android.

Flip phones then? Or do I need to go back to a landline rotary phone?

AntiBullyRanger@ani.social on 01 Feb 18:05

<img alt="Rotational secure loRa salted frequencies impulses" src="https://ani.social/pictrs/image/42cbb7fb-0c18-4511-8ef3-a76b659a31ee.webp">

Danitos@reddthat.com on 01 Feb 02:35

Unless you use GrapheneOS, iOS is more secure than Android.

AntiBullyRanger@ani.social on 01 Feb 02:45

yet iOS was exploited here 🤔

stephen01king@piefed.zip on 01 Feb 10:56

Less exploitable doesn’t equal unexploitable. The reason iOS was exploited here is because the journalist is using an iPhone, not because it’s easier to exploit iPhones.

AntiBullyRanger@ani.social on 01 Feb 17:06

pageflight@piefed.social on 01 Feb 02:02

Al-Masarir’s iPhones had been hacked in 2018 after he clicked on links in three text messages seemingly sent from news outlets as special membership offers.

I wonder if opening unknown links in an Incognito session would have helped, or if he would’ve had to avoid opening them entirely.

Wikipedia says it’s “designed to be covertly and remotely installed on mobile phones running iOS and Android,” and has some detailed descriptions including:

“Google’s Project Zero documented another exploit, dubbed FORCEDENTRY, in December 2021. According to Google’s researchers, Pegasus sent an iMessage to its targets that contained what appeared to be GIF images, but which in fact contained a JBIG2 image. A vulnerability in the Xpdf implementation of JBIG2, re-used in Apple’s iOS phone operating software, allowed Pegasus to construct an emulated computer architecture inside the JBIG2 stream which was then used to implement the zero-click attack. Apple fixed the vulnerability in iOS 14.8 in September 2021 as CVE-2021-30860.”

Pegasus is a powerful and controversial hacking tool made by Israeli company NSO Group. NSO Group insists it only sells its spyware to governments to help track terrorists and criminals.

But Citizen Lab has discovered it on phones belonging to politicians, journalists and dissidents - including al-Masarir.

Promises from Israel?!

The total damages awarded are £3,025,662.83 but it’s not clear if Saudi Arabia will pay.

The BBC contacted the Saudi embassy in London but has not had a reply.

I wish him well.

Fleur_@aussie.zone on 01 Feb 10:30

I swear to God behind every shady incident there is an Israeli company that enabled it

lofuw@sh.itjust.works on 01 Feb 14:11

Yep. It’s especially pathetic when we consider how the average idiot has been brow-beaten into believing every conspiracy theory about Israel is just blind racist hate.

Zionists care about themselves above everyone else. There’s no limit to the amount of suffering they are willing to cause in order to achieve their goals.