Tue. Apr 23rd, 2024

Our mainstream media has muddled several concepts and facts, which has confused the general public. Do understand that Pegasus, the iOS Trident vulnerabilities and the WhatsApp missed-call vulnerability (CVE-2019-3568) are quite different from each other (but related, as explained below).

Pegasus is a fully fledged spyware created to spy on complete operating systems (we are aware of its iOS and Android samples; it may have versions for other OSes too that have not been detected so far). Pegasus is the main spyware of the Israel-based NSO Group, an organisation that is extremely interested in critical zero-day or unpatched vulnerabilities in operating systems and applications. That being said, it should be obvious that NSO keeps its spyware updated with the latest vulnerabilities it obtains, and in fact that is what has been going on. NSO claims that it provides the spyware to authorised government agencies in a legal way to combat terror and crime, but several times its spyware has been found to have been used to spy on human rights activists, journalists etc.

What is Pegasus? What is Pegasus used for?

NOTE: The important thing to understand is that there are many spyware products you can find on the internet (you can purchase and use them, but please use them only for parental control or other legal purposes), but what makes Pegasus special is not the spyware itself (of course all spyware does a similar type of spying on phones) but rather the vulnerabilities it comes with, which help its installation.

Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, accessing the target device’s microphone(s) and video camera(s), and gathering information from apps (everything you would expect from spyware).

In 2016 Pegasus spyware was found on an iOS device (by Citizen Lab), and the installation of the malware was carried out using the Trident vulnerabilities (there were three vulnerabilities; in simple non-technical terms, together they would remotely jailbreak your iPhone, create hooks into applications so that they could be spied upon, and send your applications’ data to the spyware’s C&C server). If you want to understand the Trident vulnerabilities in technical terms, do raise another question (the vulnerabilities were patched in iOS long ago). So NSO was reportedly attacking victims by sending links, and when the victim clicked the link the Trident vulnerabilities would lead to the installation of the spyware. The iOS update with version number 9.3.5 fixes the Trident vulnerabilities. Pegasus was found for Android also, but the vulnerabilities it used and any technical details related to it were not openly posted.

In 2019 WhatsApp got a missed-call related vulnerability, CVE-2019-3568: an RCE (remote code execution) in the WhatsApp VoIP stack via crafted RTCP packets sent to the target device. What that means is that someone could force third-party files onto your device just by placing a missed call to your WhatsApp (whether you pick up the call or ignore it, the result is the same, as the voice packets arriving at your phone have already pushed the file onto it, or rather made an attempt to). Not many details about this vulnerability were posted by Facebook (which owns WhatsApp), nor were technical details shared. It was revealed by Citizen Lab that the vulnerability was used to install Pegasus spyware on phones (the case they got for testing was a failed one, though, as by then WhatsApp had patched the vulnerability). Also, the missed call would be deleted from the WhatsApp logs. The vulnerability was used to drop the payload (inject the spyware); for the rest, the spyware would need other vulnerabilities depending on the OS and its functionality. Say in iOS, WhatsApp is itself sandboxed just like other apps, so to carry on at root level it would need other vulnerabilities (which it needs to spy on applications or get their data). As the Trident vulnerabilities were patched long ago, we can’t say how it would have completed its task on iOS in 2019 (it is supposed to be for both iOS and Android again). Unlike last time, neither Citizen Lab nor Facebook itself shared technical details, so we can’t say much here. Android also asks you to manually allow the installation of apps and to grant permissions to an app, so if you have to carry out some sort of automation (installing the app and letting it spy) on Android you do need some vulnerabilities to let that happen (I mean without letting the victim know what happened in the background). Anyway, NSO is known for such things.

Note: We can’t tell only from the abuse of the WhatsApp vulnerability that someone was spied upon (do understand the fact that apps are very limited entities working within operating systems). To be sure of everything that happened at the OS level we need forensics on those devices.
