The recent outbreak of the Pegasus spyware has highlighted about the Zero-Click attacks. Read on to know more about it…
A massive security breach and data leak was discovered by 17 media organisations and Amnesty International’s Security Lab, indicating widespread and ongoing abuse of Pegasus, a hacking spyware that can infect iPhones and Android based devices and allow hackers to secretly extract messages, emails, and media, as well as remotely record calls and activate microphones.
About Zero-Click Attacks
In the previous version of the spyware, the remote hacking process or the spying activities involved the victim clicking on a malicious web link sent to them in a text or email known as spear-phishing. However, in the latest version of the spyware does not require user involvement and instead relies on “Zero-Click” vulnerabilities in the operating system in order to spy on the unsuspecting users. The Zero-Click attacks are capable of remotely infiltrating a device with the help of spyware. As a result of this new attack, the Zero-Click technology has become one of the most lethal malware that threatens people’s privacy.
To get remote access to the victim’s mobile device, the spyware looks for zero-day security vulnerabilities, which are flaws in the operating system that have not yet been identified and hence have not been patched. Instead than relying on human error to get access to a user’s mobile device, it relies on flaws or bugs in the software, hardware or the firmware system.
For example, Amnesty’s Security Lab and Citizen Lab recently discovered that an iPhone running iOS 14.6 could be hacked and Pegasus spyware installed using a Zero-Click iMessage exploit.
Working Mechanism
Making a WhatsApp call is all it takes for the hacker to gain access to the OS and activate the remote malicious code. The Pegasus spyware modifies the call log once it is installed on the victims’s phone, so the user is unaware of what transpired.
Commenting on the latest developments of Pegasus malware, Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab told ‘The Guardian’, said “When an iPhone is compromised, it’s done in such a way that allows the attacker to obtain so-called root privileges, or administrative privileges, on the device,” He added “Pegasus can do more than what the owner of the device can do.”
According to cybersecurity firm Incognito Security, NSO Group discovered three zero-day vulnerabilities in iOS that allowed them to gain remote access to the mobile devices. Previously, only jailbroken iPhones were vulnerable to such attacks. However, Pegasus spyware now jailbreaks the iOS devices without the user’s knowledge and gains complete remote access of the victim’s mobile device.
The method of gaining root access to an iOS device is known as jailbreaking. Through the process of jailbreaking, an iPhone is no longer reliant on Apple for its exclusive source of apps.
To gain malicious control over a non-iOS device, an Android rooting method called framaroot was developed by the attackers. The Android version of Pegasus was dubbed Chrysaorand by Google, and security updates were installed.
Despite security updates, Android and iOS smartphones were hacked, according to Amnesty International. Another appealing method for the attackers is to use already installed software, such as iMessage, to increase the number of devices that can be hacked.
Recent Zero-Click Attack
This exploit shows that Apple has a major blinking red five-alarm-fire issue with iMessage security that its BlastDoor Framework which is introduced in iOS 14 to make Zero-Click exploitation more difficult is not successfully working.
Apple, the maker of iPhones, condemning the use of the Zero-Click exploit against journalists, lawyers, and human rights advocates, issued the following statement to ‘The Guardian’
“Apple unequivocally condemns cyber-attacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market.”
Apple also said that security was a dynamic field and that its BlastDoor was not the end of its efforts to secure iMessage.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” it said. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
A Brief Conclusion
Since the Zero-Click attacks directly target the operating system, they are difficult to detect. To stay secure, users must make sure that their device’s software and apps are up to date, and that any apps they use are downloaded directly from the Google Play Store or Apple’s App Store.