Your Tech Story

Apple To Add ‘Lockdown Mode’ To iPhone To Help Protect From Pegasus And Govt Spyware

According to a group of journalists and Amnesty International, NSO Group’s software has been used for years to follow government employees, journalists, and human rights campaigners. That’s in spite of claims made by the Israeli spyware company that it exclusively sells to law enforcement organizations that use it to apprehend criminals. The Pegasus spyware is intricate. In a nutshell, it works by utilizing zero-day, zero-click exploits on Android and Apple mobile devices. Zero-day exploits take advantage of vulnerabilities that phone manufacturers have not yet discovered, and the spyware can frequently be installed remotely on a target’s phone using just a text message or emailed link, requiring no user participation (thus the name “zero-click”).

Once Pegasus is installed, the NSO customer targeting the user can access and observe almost everything the target does on the phone. Pegasus spyware from NSO has been referred to as a danger to democracy. One of the reasons Apple launched a lawsuit against the company, aiming to prevent it from using Apple’s devices and services, is that NSO uses them to target journalists and human rights advocates. NSO would have a considerably harder time locating zero-day flaws for Apple devices as a result.

However, Apple is not just relying on the legal system in its conflict with the NSO Group, Pegasus, and spyware producers worldwide. According to the firm, “Lockdown Mode” will soon be available on its iPhones, iPads, and Macs.

The feature is what Apple refers to as an “extreme” solution for users who may be targeted by Pegasus and other very sophisticated spyware, and it will be available this autumn as part of iOS 16, iPadOS 16, and macOS Ventura. It is clear why Apple views Lockdown Mode as extreme, given that many iPhone functions become inaccessible when customers enable it. This is how it works: users can instantly activate Lockdown Mode in the Privacy & Security section of the Settings app if they suspect they may be at risk of a spyware attack or are informed that they are the target of one.

The user’s iPhone, iPad, or Mac will restart after Lockdown Mode is selected, and the following features won’t be available:

  • All message attachments in the Messages app, from all senders, except for photographs.
  • FaceTime calls from individuals you have never FaceTimed before.
  • Several web browsing technologies, including cutting-edge ones like just-in-time (JIT) JavaScript compilation.
  • Shared photo albums in the Photos app, and requests for new shared photo albums.
  • Wired connections (using a USB cable) from the iPhone to another device while the iPhone is locked.
  • Apple Services invitations from users you have never engaged with before.
  • Configuration profiles, like those employed by school networks or VPNs.

These prohibited features share the trait of regularly serving as delivery vectors for zero-day, zero-click vulnerabilities.

The majority of Apple users, thankfully, won’t ever need to worry about Lockdown Mode because they are unlikely to be targeted by sophisticated malware like Pegasus. Lockdown Mode, however, should be a major help for individuals who are in danger because it instantly closes all known malware access points to an iPhone.

Lockdown Mode will be made available to all users with the public release of these operating systems this autumn and is now present in the development betas of iOS 16, iPadOS 16, and macOS Ventura. This news came over a month after Italian spyware vendors RCS Lab and Tykelab Srl stated that new spyware code-named Hermit was aimed at high-profile government figures. After allegations that a number of journalists, opposition politicians, activists, and businesspeople were targeted by the Pegasus spyware, a zero-click Trojan virus created by NSO Group, the Pegasus controversy gathered traction in 2021. In essence, it gives cybercriminals complete access to the victim’s smartphone and all of its contents, including its photos and messages.

Apple Filed A Lawsuit Against NSO Group For Allegedly Targeting Over A Billion iPhone Users.

Apple has now joined WhatsApp and its parent company Meta (formerly known as Facebook) in suing NSO Group, the maker of Pegasus spyware. Apple says it’s “seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” along with promising new information about how NSO Group infected targeted iPhones via a zero-click exploit that researchers later dubbed ForcedEntry.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” says Senior Vice President of Software Engineering Craig Federighi in a statement. “That must be changed… Apple products are the safest consumer electronics on the market, but private companies that create state-sponsored spyware have become even more dangerous.” Apple and WhatsApp aren’t alone in their legal battle with NSO Group; last year, Microsoft and Google joined Apple and WhatsApp in supporting Facebook’s lawsuit.

According to Apple’s press release, Pegasus spyware is designed to allow governments to remotely access a phone’s microphones, cameras, and other data on both iPhones and Androids. According to reports from a journalistic coalition called the Pegasus Project and Apple’s complaint from earlier this year, it’s also designed to infect phones without requiring any action from the user and without leaving a trace.

Source: www.theverge.com

Forced Entry Exploit By NSO Group

Despite NSO’s claims that its governmental clients are prohibited from using the spyware against journalists, activists, and politicians, Apple cites reports that the spyware has been used against them. It’s understandable that Apple, the company that says “what happens on your iPhone, stays on your iPhone,” would be irritated by its devices and services being used to commit “human rights abuses.”
In a statement to The New York Times, Apple’s senior director of commercial litigation Heather Grenier says the lawsuit is a “stake in the ground” meant to send a “clear signal” that the company will not tolerate “this type of abuse.” Apple claims that NSO violated Apple’s terms of service by creating “more than one hundred” Apple IDs to help it send data to targets, according to the complaint (PDF).
The Court has personal jurisdiction over Defendants because, according to information and belief, they created over one hundred Apple IDs to carry out their attacks and also agreed to Apple’s iCloud Terms and Conditions (“iCloud Terms”), which include a mandatory and enforceable forum selection and exclusive jurisdiction clause that constitutes express consent to this Court’s jurisdiction.
Apple’s complaint explains how the attack worked: using the Apple IDs it created, NSO would send data to a target via iMessage (after determining that they were using an iPhone) that was maliciously crafted to turn off the iPhone’s logging. This would allow NSO to install the Pegasus spyware invisibly and control the data collected on the phone. According to Apple, the vulnerability that NSO was exploiting was fixed in iOS 14.8. In short, NSO was sending files that took advantage of a flaw in the way iMessage handled GIFs and PDFs.
“We have not observed any evidence of successful remote attacks against devices running iOS 15 and later versions,” Apple says in a press release, citing improvements to iOS 15 security. Amnesty International stated in July, when the Pegasus Project released its reports, that the latest versions of iOS (at the time, iOS 14.6) were vulnerable to attack.

Apple’s Persistent Efforts to Protect Its Customers

A number of new security features are included in iOS 15, including significant improvements to the BlastDoor security mechanism. While the NSO Group spyware is still evolving, Apple has yet to see any evidence of successful remote attacks on iOS 15 and later devices. Apple encourages all iPhone users to update their devices and always use the most up-to-date software.
In addition to the lawsuit against NSO, Apple says it will financially and technically support “organizations pursuing cyber-surveillance research and advocacy.” Citizen Lab, a group of researchers who were involved with the Pegasus Project and helped Apple discover and patch NSO’s exploits, has pledged to give free “technical, threat intelligence, and engineering assistance” to Apple in exchange for $10 million (plus any damages it wins from its lawsuit). Apple also says that “where appropriate,” it will do the same for other organizations.
NSO was recently added to the US Entity List, limiting the ways in which American companies can sell or provide technology to NSO. According to a report by the MIT Technology Review, the sanction has had a significant negative impact on NSO Group’s employee morale as well as its ability to conduct business. According to the report, the company must obtain permission from the US government to purchase items such as Windows laptops and iPhones, and the government has stated that its default decision is to deny such requests.