In the sphere of information technology, cyber security plays a critical role. In today’s world, protecting information and data security has become one of the most difficult tasks.
Today in Geopolitics cyberspace has also become very important as it is the new warzone which can not only temper their internal security but economy too. Use of spywares, trojans and many malicious worms has increased exponentially, so we have tried to write an article by our own on one such spyware which was also a hotshot topic few times back \"Pegasus\".
Today, a cyber-attack will affect more people than any conventional attack .Though various steps have been taken in India to combat these attacks, but still there are some cyberweapons which are affecting the privacy and cyberspace at international level. There are some spywares which became popular like Stuxnet, DUQU, Botnet etc.as they became a threat to Confidentiality, Integrity and Availability of a nation.
Introduction
I. INTRODUCTION
Today we live in the modernized world which is very competitive in every aspect and every country or organization wants their supremacy over their arch rivals. With the popularity of cyber techniques around the world, cyberspace has taken the place of war fields not entirely but majorly because through it we not only can easily disrupt internal security of any nation or organization but it can also temper their economic condition. In recent past, we have seen many such cases like Australia being attacked by China, US affecting Venezuela’s condition Israel developing Pegasus and many more.
It sums that every nation is investing in developing their cyberspace stronger because everyone knows that it plays a vital role in today's geopolitics. According to many researches it’s found that primarily spywares have been used in many high- profile global instances.
Spyware is a malicious code, which enters your computer device, steal information and secretly deliver it to the third party without the consent of the user. Spywares can obtain owner’s private information. It can have a list of websites visited , lists of passwords and credit card numbers .
Pegasus is a piece of malware categorized as spyware. The initial version of it adopted the mobile-first strategy." Pegasus" is the name of the winged horse of Greek Mythology. It is analogical to the winged horse as it is a kind of Trojan horse that can be sent "flying through the air " to infect phones secretly and specifically android and iOS versions. Pegasus uses zero-day vulnerabilities (weakness or error in the system which is disclosed but not yet patched), code obfuscation (to make code difficult to understand), and advanced encryption. The user does not need to click on the message or anything to activate the malware.
According to the NSO group founders, it was said that "We're a total ghost", which means claiming to be invisible. The intention behind the development of this Pegasus software is to help government bodies to prevent criminal activities. Gmail, Facebook, WhatsApp, Telegram, Apple's built-in messaging, and email applications are all vulnerable to it. It can be installed without the phone owner ever knowing. It is designed for mobile devices to gain access to the device and retrieve the data from the device without the user's consent. After stealing the data, it is delivered to the third party i.e. NSO's group server.
II. WORKING
At initial, it `used to gain access through a malicious web link through messages or email then it used to get installed automatically on clicking the link.
After some updates , it can be installed automatically even by giving a missed WhatsApp call. It uses the framaroot technique which is capable of rooting android devices without the need of a computer or any other devices. In iOS devices, it relied on Zero- Day Vulnerabilities.
Let's take the example of WhatsApp. In a normal device, the communication is like
WhatsApp ? Kernel.
But if the device is infected by Pegasus, then the change in communication will be like
WhatsApp?Pegasus?Kernel
which means all the information will be passed from the Pegasus first.
The workflow of Pegasus software is as follows:-
The attacker enters the contact details of the victim.
It first goes with vulnerability. Using the vulnerabilities of the device, it can have full access to the device.
Through spear phishing, the attacker sends the installation request to the victim via text or mail.
The victim will click on the received request.
After clicking on the link, the malicious code of the spyware will start installing.
Then it will check whether the device is OS supported? If it is OS supported, then it will install a spy agent on the device.
When the installation process is completed, it will be ready to collect and transmit data to an unknown location.
It can easily access our end-to-end encrypted files as well as messages and can decrypt with ease.
It can leak the information to the third-party server.
III. AFFLICTION
It can do all different things like going through messages, checking videos, making phone calls, accessing call logs, tracking the location, can also turn on the microphone and camera as well as can have access to deleted content.
It can even give root access to the third party, which means they can easily also give access to the mic and camera to them.
It can be installed on the device via physical touch, Text or email, or a message.
It is undetectable and untraceable because it leaves zero footprints of hacking. After adding the malicious codes through missed calls, it deletes call logs immediately.
It has a watch on the battery status of the device.
It analysis the current connection status, to transfer data across the web.
IV. WORKFLOW IN IOS
Firstly, it downloads some zip files on the device. Then it creates a fake Certificate of Authority to trust data encrypted by the attacker. iOS does not allow those codes which are not verified by a third party. To avoid this, the attacker installs a JavaScript file that executes the unverified code at the reboot time to jailbreak the device. To remain undetected in the memory occupied by running programs, Pegasus injects its code into the running process. After that, to monitor your running programs traffic, it installs the sniffer tool. A program named Daemon is installed by Pegasus itself to share the files present in the system to the outside server. It then installs the self-destruct feature, which makes Pegasus untraceable. Then it switches off the iOS device's deep sleep mechanism.
V. WORKFLOW IN ANDROID
It is known as Chrysaor meaning the one who has a golden sword. It is the name of the brother of Pegasus. It uses an android rooting approach called framaroot. It is third-party software. It asks the user for permission to access by pretending itself as trusted software. After the installation, it will remove the system update app and disables the automatic update. It disables the WAP push feature means we cannot go to a specially encoded message which includes a link to a WAP or WWW address. It then exfiltrates the data and shares the files present in the system with the outsider.
VI. CONCERN FOR MASS
NO, we should not be concerned about this spyware because it is very expensive and thus likely to be used by large organizations, and it also necessitates sophisticated handling. Even after that, if you believe you may become a victim of this spyware, doing the following can protect your device from attack of Pegasus-
One of the most fundamental approaches is to keep the device's operating system and other apps up to date.
Only open links or messages sent to you by recognized and trusted contacts on your device.
You should avoid using public Wi-Fi services.
Always keep a backup of any importantdata on your device.
Avoid downloading the apps from the third party resources .
When any app asks for permission , don't give special authorisation to it even if it claims.
Think before you click.
VII. HOW TO GET RID?
The worst part about Pegasus Spyware is that we can't figure out how it got onto our device. Once inside, it can destroy our privacy, but we can track it down with the help of some forensic tests. Simple steps to remove Pegasus explicitly could include restarting your phone, and that in some cases can temporarily remove the spyware's access to your device. Always install software updates as soon as they become available, and if you are a victim, remove iMessage on your iPhone for the time being.
Conclusion
We rely on our mobile devices to store and access our digital assets, even it is a primary source to transfer money and communication .Attackers see our mobile devices as a very easy target. NSO has generated millions of dollars by selling such a attacking software acting like a cyberweapon dealer. This emphasizes the necessity of keeping our devices up to date with the most recent updates and maintaining awareness about mobile device security.
References
[1] https://www.gcsp.ch/global- insights/geopolitics-and
[2] https://www.drishtiias.com/printpdf/pegasus- spyware
[3] India Future Foundation Analysis on Pegasus Spyware
[4] https://www.nytimes.com/2022/01/28/magazi ne/nso-group-israel-spyware.html
[5] https://eurasiantimes.com/pegasus-spyware- controversy-israel-deletes-65-countries-from- its-cyber-export-list/
[6] https://www.researchgate.net/publication/357 956844
[7] Pegasus Spyware – “A Privacy Killer” by Ajay Chawla