Date: 2022-04-19

Recent reports indicate that NSO's spyware, Pegasus, indirectly targeted the iPhones of Americans. This caused the company to prohibit its customers from infecting phones with American SIMs. That restriction did not stop further infections: other devices were infected, this time belonging to Catalan politicians, as well as others. At this point, the Spanish government is suspected of being responsible for this attack.

In addition, another infected device was confirmed during this situation, one connected to the 10 Downing Street network. The office of British Prime Minister Boris Johnson was also a victim of Pegasus.

Context

NSO Group manufactures the spyware named Pegasus, which is sold to government agencies as well as police. The company buys so-called zero-day vulnerabilities (vulnerabilities unknown to Apple) from hackers. It has been stated multiple times that its software is capable of mounting zero-click exploits, where no interaction by the target is required.

According to these reports, simply receiving a certain iMessage can be enough to infect an iPhone. It does not matter whether the user opened or interacted with the message; personal data will still be exposed.

This group can afford to set the rules for those who want to buy Pegasus. One of these conditions is that the program must not be used to hack mobiles with US numbers, probably to avoid infecting such devices. So much so that it has been declared a risk to national security, and the use of Pegasus within the United States is prohibited.

Pegasus indirectly attacked US iPhones

There are already several initiatives against this. One was undertaken by Citizen Lab at Canada's University of Toronto, which claimed to have evidence that this spyware had indirectly attacked US mobiles. The way it found this was through something known as “off-center targeting”:

Targeting friends, family, and close associates is common practice in some hacking operations. However, this technique allows an attacker to gather information about a primary target without necessarily maintaining access to that person’s device. In some cases, the primary target may also be infected. Although, in others this may be more feasible for multiple reasons. We were able to observe several cases of relational or “decentralized” attacks, spouses, siblings, parents, staff or close associates of the primary targets being attacked and infected with Pegasus. In some cases, these people may also have been targeted. However, no forensic information was available, and in others we found no evidence that a target was only infected with Pegasus, but that their relatives were a potential target. For example, a person attacked with Candiru had a US SIM card in their device and resided in the United States. We found no evidence that this person was infected with Pegasus. This is consistent with reports that most Pegasus customers cannot be directed to US numbers. However, both of the target’s parents use phones with Spanish numbers, and they were attacked on the day the primary target flew back to Spain from the United States. Neither parent is politically active, nor is either likely to have been targeted for who they are or what they do.

In other words, texts and other messages sent by a US cell phone are an easy target to intercept using this hack, especially through a possible infection of the mobile phones of relatives, friends and other contacts or acquaintances of the target abroad.

Pegasus attack against the Catalans

Citizen Lab was also able to discover that at least 63 people in Catalonia have suffered a Pegasus attack on their devices. The Spanish government remains the main suspect at the moment.

The hack covers a spectrum of civil society in Catalonia, from academics and activists to non-governmental organizations (NGOs). Catalonia’s government and elected officials were also widely attacked, from the highest levels of the Catalan government to members of the European Parliament, legislators and their staff and family members. We cannot conclusively attribute the attack to a particular government. However, extensive circumstantial evidence points to the Spanish government […] With the consent of the targets, we obtained forensic artifacts from their devices which we examined for evidence of Pegasus infections. Our forensic analysis allows us to conclude with great confidence that, of the 63 people targeted by Pegasus, at least 51 were already infected.

Apple is already taking action, according to a report last week. The company warned senior EU officials that their iPhones had been hacked by Pegasus. Apple also proactively looks for signs of Pegasus infection on iPhones so that it can send a warning to the victims.

Note that the greater number of reports about iPhones should not be read as iPhones being more affected than Android devices. iOS makes it easier to detect when a device has become infected, with iPhones accounting for the majority of confirmed cases. However, this does not rule out that a large number of Android phones are infected, and the number could be even higher.

Direct attack on the British Prime Minister’s office

An article in the next edition of The New Yorker reveals that Pegasus also successfully attacked 10 Downing Street, i.e. the British Prime Minister’s office: