Apple has reportedly fixed the vulnerability in iOS 14.7.1.
The security notes don’t specifically mention Pegasus, but they refer
to “a memory corruption issue” that “may have been actively exploited.” more
Tuesday, July 27, 2021
Pegasus v. iPhone Update - iOS 14.7.1 Plugs the Loophole
Friday, July 23, 2021
Pegasus Spyware Update: How to Check Your iPhone
If you’re concerned about recent reports of the Pegasus spyware reportedly installed by the Israeli NSO Group to hack journalists and world leaders, there’s a tool to check if it’s hidden on your iPhone. But you probably have nothing to worry about...
But if you’re concerned, there’s a way to test whether your iPhone has
been targeted. It’s not an easy test, mind you, but if you’re using a Mac or Linux PC and have backed up your iPhone using it, Amnesty International’s the Mobile Verification Toolkit
will be able to detect whether your phone has the Pegasus spyware
installed on it. The tool, which TechCrunch tested, works using the
macOS Terminal app and searches your latest iPhone backup on your Mac,
“is not a refined and polished user experience and requires some basic
knowledge of how to navigate the terminal.” You’ll need to install
libusb as well as Python 3 using Homebrew. (You can learn more about the
installation here.) TechCrunch says the check only takes “about a minute or two to run” once it’s been set up. more
Monday, July 19, 2021
Pegasus Spyware Back in the News
India Today... Pegasus spying: how Pegasus is installed on phone, what it does, and how to get rid of it...
- Pegasus can be installed on vulnerable phones through a web link or a missed call.
- The spyware can steal passwords, contacts, text messages, and photos.
- The only way to avoid Pegasus after it has infected a phone is by getting rid of the phone.
Pegasus, developed by Israeli cybersecurity firm NSO Group, is a highly sophisticated spyware that has been referred to as the "most sophisticated smartphone attack ever". It was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the globe, including in India. more
Tech Xplore... Pegasus spyware: how does it work?More recent versions of Pegasus, developed by the Israeli firm the NSO Group, have exploited weak spots in software commonly installed on mobiles.
In 2019 the messaging service WhatsApp sued NSO, saying it used one of these so-called "zero-day vulnerabilities" in its operating system to install the spyware on some 1,400 phones.
By simply calling the target through WhatsApp, Pegasus could secretly download itself onto their phone—even if they never answered the call.
More recently, Pegasus is reported to have exploited weaknesses in Apple's iMessage software.
That would potentially give it access to the one billion Apple
iPhones currently in use—all without the owners needing to even click a
button. more
Tuesday, May 25, 2021
Study: Are Smartphones Really Eavesdropping on our Conversations?
The study, from Tidio, asked over 1000 people (48.6% males, 49.8% females, and 1.6% declaring as non-binary) about their opinions and experiences, and the results are surprising. more
Wednesday, March 17, 2021
A Hacker Got All My Texts for $16
I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me. more
Tuesday, February 23, 2021
New iOS 14.5 Security Feature Will Stop Hackers in Their Tracks
In fact, Apple has already been taking steps to harden iOS 14 against one of the most common exploits — iMessage vulnerabilities — thanks to a very cool new technology dubbed ‘Blastdoor’. However, it looks like Blastdoor was only the beginning, with iOS 14.5 adding some new defences against “zero-click” attacks in general...
As the name implies, a “zero-click attack” is a method by which
hackers can take advantage of security vulnerabilities to get into your
iPhone or iPad without requiring any interaction on your part. more
Monday, February 15, 2021
Pretty Good Phone Privacy - Protects Both User Identity and Location
Abstract
To receive service in today’s cellular architecture phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations as operators sell and leak identity and location data of hundreds of millions of mobile users.In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators.
We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified back end stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy. more
BONUS... "It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers." a good summary explanation
Thursday, February 11, 2021
Spyware in Wallpaper, Restaurant and Games Apps
Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company.
The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said.
It said the two groups involved were using new techniques to install spyware on targets' PCs and mobile devices.
And this was then being used to steal call recordings and media files.
One of the groups, known as Domestic Kitten or APT-50, is accused of tricking people into downloading malicious software on to mobile phones by a variety of means including:
- repackaging an existing version of an authentic video game found on the Google Play store
- mimicking an app for a restaurant in Tehran
- offering a fake mobile-security app
- providing a compromised app that publishes articles from a local news agency
- supplying an infected wallpaper app containing pro-Islamic State imagery
- masquerading as an Android application store to download further software more