@geeks, Some questions about the Pegasus spyware scandal.

292°
Deal Subedar
teriab33

Could you please confirm if my understanding about the Pegasus spyware is correct.

Reading through the available media articles, what I can make out is that the victim receives an unsuspecting URL through an email or message; when clicked, the Pegasus spyware gets installed and opens a backdoor inside the mobile phone’s OS.

For this method of Pegasus remote spyware deployment to work, one should assume that all these high-profile people are fools to click open a link. I don’t think that everyone who has been tracked is really stupid enough to do this. These high-profile personnel / company lobbyists / govt officials etc. must have already been coached about such security flaws by their security team or their social circle.

Or is there something that we actually don’t know, like an official backdoor / API that already exists for each mobile OS, which the higher authorities have access to, and Pegasus is only a third-party app that lets you log in to these APIs and access the information on the target device without having to install anything?

What do you think?

@andromeda @guest_999 and other geeks here.

36 Comments  |  
16 Dimers
Analyst Analyst

This is my understanding in general. Experts, feel free to correct me if I’m mistaken.

Pegasus is a type of spyware. Either one can install without taking any alternative approach or have it installed via other methods. Clicking a URL can give consent to install spyware. Although it is easy to target this way, everyone may not do the same.

There are other methods like binders, or disguising the spyware in form of an image/document etc.

Binders are software which can bind two different files. So spyware can be bound to an image/document/audio/video, and when the file is opened for accessing the content, the spyware can do its job (taking control) in the background.

Disguising is nothing but a plain change of extension from .exe to .pdf so that it looks like a PDF document. When opened, it will not render any useful content, but the spyware can get executed in the background.

Usually spyware takes advantage of the loopholes in the system (OS). This is where OS makers patch the system from time to time, i.e. to close those backdoors (maybe unintentional). Depending on the sophistication of the spyware, either it can be removed upon reset or it can never be removed. This again depends on the access to the system (OS).

Even for that matter, the xl sheet we download for income tax returns has scripts in it, and xl always asks if we wish to run the script (Enable Content). Many things can be done via this method.

When it comes to ITR xl sheet, one damage it does is to disable drag and drop, and other nifty features which we use in day-to-day life after we enable the content in the xlsheet. I have another script handy to run to enable those features which are disabled. Likewise, many things can be done in the background.

PS: I haven’t read much about Pegasus.

Critic Critic

No need to click. Pegasus is an example of top-grade spyware developed by a state actor (Israel in this case), & such spyware exploits vulnerabilities which don’t depend on any user action (like clicking/viewing etc. by the user) & needs to just be sent by the attacker to the target system (PC/mobile). That is why there is no 100% online security in the world & the most important security infrastructure is usually situated in underground bunkers with no net access/completely independent offline systems.

Deal Cadet Deal Cadet

“The victim receives an unsuspecting URL through an email or message when clicked the Pegasus spyware gets installed and opens a backdoor inside the mobile phone’s OS”

To install an executable file we don’t have to click on a URL, it can be an image as well. In a simple way, a good morning coffee cup/beautiful girl image is enough!! smile

Critic Critic
Nighthawk69 wrote:

“The victim receives an unsuspecting URL through an email or message when clicked the Pegasus spyware gets installed and opens a backdoor inside the mobile phone’s OS”

To install an executable file we don’t have to click on a URL, it can be an image as well. In a simple way, a good morning coffee cup/beautiful girl image is enough!! smile

Not even an image; it is possible to exploit a vulnerability by just sending a specially crafted text message using nothing but letters & special symbols.

Deal Lieutenant Deal Lieutenant

Pegasus doesn’t need anyone to click on a link; it can be done by just giving you a missed call on WhatsApp or an iMessage on iOS.
That is why there is so much hype about this. Facebook has even sued NSO in America, as WhatsApp promises end-to-end encryption and Pegasus breaks it.
Also, this doesn’t go away even if you do a factory reset. It is that sophisticated.

Deal Cadet Deal Cadet

I have no idea about this but a software guy said on news that this can be installed by giving a missed call on WhatsApp.

Deal Subedar Deal Subedar

Let me tell you a small story:

In the 2005-2010 era, the US wanted to take down Iran’s nuclear programs without even bombing or using any military attacks; so what they did was that they loaded a computer worm onto thousands of USB flash drives and just dropped them around those nuclear sites, lying there on the dusty ground.
Now humans have an ingenious curiosity, and so most of them ignored those pen drives lying on the street while a couple of them got curious and picked them up and inserted them into the system to check what was there… and bam, the worm made its way all the way to the main power systems, and what it did was just a small thing: it just removed the rpm threshold of the centrifuges, and this caused the whole facility to tear down from within. The whole nuclear centrifuges blasted and went kaput, killing all those involved on the site.

Just a good read… now it’s up to you to get the gist of it wink

Deal Cadet Deal Cadet
BlueFlash wrote:

Let me tell you a small story:

In the 2005-2010 era, the US wanted to take down Iran’s nuclear programs without even bombing or using any military attacks; so what they did was that they loaded a computer worm onto thousands of USB flash drives and just dropped them around those nuclear sites, lying there on the dusty ground.
Now humans have an ingenious curiosity, and so most of them ignored those pen drives lying on the street while a couple of them got curious and picked them up and inserted them into the system to check what was there… and bam, the worm made its way all the way to the main power systems, and what it did was just a small thing: it just removed the rpm threshold of the centrifuges, and this caused the whole facility to tear down from within. The whole nuclear centrifuges blasted and went kaput, killing all those involved on the site.

Just a good read… now it’s up to you to get the gist of it wink

Indeed it’s a good story.. Thanks for sharing laughing

Deal Cadet Deal Cadet

I think they are using open listening ports of the system, or vulnerabilities of system applications.
Click-the-link hacking is used by entry-level hackers. If you see their turnover, they might even be directly deploying spyware with pre-installed OS and apps.

Deal Cadet Deal Cadet

I don’t think a WhatsApp call can install anything. Unless you give permission to a link or a file or a pic, nothing gets executed. Spyware always gets installed when it is disguised as a URL/file/pic. And if spyware can’t be removed, then it can be removed via factory reset unless the mobile is rooted/jailbroken.

If there are real people who got Pegasus on their phone, then they are the ones who didn’t care about clicking/tapping on something unknown.

Even if they got an unknown message or a call or a whatsapp call, what was the need to get attracted to it ?

Deal Subedar Deal Subedar

Nope, most people click on links that they receive; curiosity gets the better of them. Yes, they are aware of not entering any personal details or installing APKs from random links. The common understanding is that you don’t suddenly get hacked for just clicking some link and doing nothing else. This is a case of targeted attack (or at least that is what it is being called).

Critic Critic
bridges wrote:

I don’t think a WhatsApp call can install anything. Unless you give permission to a link or a file or a pic, nothing gets executed. Spyware always gets installed when it is disguised as a URL/file/pic. And if spyware can’t be removed, then it can be removed via factory reset unless the mobile is rooted/jailbroken.

If there are real people who got Pegasus on their phone, then they are the ones who didn’t care about clicking/tapping on something unknown.

Even if they got an unknown message or a call or a whatsapp call, what was the need to get attracted to it ?

Completely wrong, bro. Just to give an example, you can hack into a forum like this just by creating a special user ID/password if there is an SQL injection vulnerability present in the site. In the same way, there are vulnerabilities in any OS which don’t require the user to do anything. What do you think happens when an SMS/text message comes to your phone? All those letters & words are just the output of your phone/PC converting the underlying binary code by processing it. Just because you didn’t open your SMS/texts doesn’t mean your device has not already processed the received binary data.
@igen
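
Added example, not part of the post above and not code from any real messaging stack: a receive-path parser that runs on message arrival, before the user opens anything, and treats the sender-supplied length field as untrusted. The wire format (1-byte type, 2-byte big-endian length, body), `MAX_BODY` and all names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BODY 160   /* constructed limit for this toy format */

enum { PARSE_TRUNCATED = -1, PARSE_BAD_TYPE = -2,
       PARSE_TOO_LONG = -3, PARSE_LEN_MISMATCH = -4 };

struct message {
    uint8_t type;
    size_t  body_len;
    char    body[MAX_BODY + 1];
};

/* Runs in the receive path as soon as bytes arrive; the user has not
 * tapped or opened anything yet. Returns body length or a negative error. */
int parse_incoming(const uint8_t *buf, size_t buf_len, struct message *out)
{
    if (buf_len < 3)
        return PARSE_TRUNCATED;
    if (buf[0] != 0x01)                  /* only "text" is defined here */
        return PARSE_BAD_TYPE;

    /* The length field is chosen by the sender, so it is untrusted. */
    size_t claimed = ((size_t)buf[1] << 8) | buf[2];
    if (claimed > MAX_BODY)              /* copy would overrun out->body */
        return PARSE_TOO_LONG;
    if (claimed != buf_len - 3)          /* copy would read past buf */
        return PARSE_LEN_MISMATCH;

    out->type = buf[0];
    out->body_len = claimed;
    memcpy(out->body, buf + 3, claimed);
    out->body[claimed] = '\0';
    return (int)claimed;
}

/* Constructed sample messages, not captured traffic. */
static const uint8_t SAMPLE_OK[]    = { 0x01, 0x00, 0x05, 'h','e','l','l','o' };
static const uint8_t SAMPLE_HUGE[]  = { 0x01, 0xFF, 0xFF, 'h','i' }; /* claims 65535 */
static const uint8_t SAMPLE_SHORT[] = { 0x01, 0x00, 0x09, 'h','i' }; /* claims 9, has 2 */
static const uint8_t SAMPLE_CUT[]   = { 0x01, 0x00 };                /* header cut off */

int check_sample(const uint8_t *buf, size_t len)
{
    struct message m;
    return parse_incoming(buf, len, &m);
}

int main(void)
{
    printf("ok=%d huge=%d short=%d cut=%d\n",
           check_sample(SAMPLE_OK, sizeof SAMPLE_OK),
           check_sample(SAMPLE_HUGE, sizeof SAMPLE_HUGE),
           check_sample(SAMPLE_SHORT, sizeof SAMPLE_SHORT),
           check_sample(SAMPLE_CUT, sizeof SAMPLE_CUT));
    return 0;
}
```

Every rejected sample is refused before `memcpy` runs; a parser that skipped either length check would corrupt memory on receipt, with no user action involved.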

Pro Shopping Friend Pro Shopping Friend

May be thru fake whatsapp update, so some vulnerability in WA than OS

Critic Critic
caks2006407 wrote:

May be thru fake whatsapp update, so some vulnerability in WA than OS

You can’t “fake update” any app on Android without compromising the device/Play Store app version first. Pegasus is confirmed to be a top-class spyware able to work on even the latest iOS, so the vulnerability is most likely in both WhatsApp & the OS.

Analyst Analyst
caks2006407 wrote:

May be thru fake whatsapp update, so some vulnerability in WA than OS

The vulnerability is at the OS level. WhatsApp, SMS, etc. are just gateways to reach that.

Deal Lieutenant Deal Lieutenant
-LEAD-DEAL- wrote:

It’s a hoax.

A company is earning billions of dollars in revenue selling it, it caused a big scandal with many countries involved, and you are telling us it’s a hoax.

Deal Lieutenant Deal Lieutenant

…Google and apple gave consent to US authorities and US secret service actively uses these back doors to interact ( steal info ) from the users.

…Pegasus is like an IT weapon which works by forcing open those doors and reveal the info….

….Now the thing is Google and other big software makers are smart….howsoever hard you try to disable windows update or google update or whatever they will turn it on internally ….these are legal or verified ways by which software do KYC everyday smile

….but the dark secrets are the unknown doors which are used by spies….pegasus is not the best software in this regard….many more sophisticated softwares are in use since 2011…

….IT big companies and capitalist govt. are working in tandem to increase their authority….

Deal Cadet Deal Cadet

This Government has been striving hard to steer the nation through its most difficult times. Don’t fall prey to the enemy conspirators. The nation is in trusted hands.

Critic Critic
-LEAD-DEAL- wrote:

This Government has been striving hard to steer the nation through its most difficult times. Don’t fall prey to the enemy conspirators. The nation is in trusted hands.

Then why are you even posting here, trust your nation which is in trusted hands to solve all the problems automatically irrespective of what others say or do. laughing

Deal Subedar Deal Subedar

It could also have been added to an App update in Google Playstore or Apple or even sneaked in as an OS/Software update of Android/Apple phones. I mean, who knows what all “security updates” we keep receiving in windows/phones

Deal Lieutenant Deal Lieutenant
-LEAD-DEAL- wrote:

This Government has been striving hard to steer the nation through its most difficult times. Don’t fall prey to the enemy conspirators. The nation is in trusted hands.

Bro, you didn’t understand the issue. If the government says that they were spying on Indian citizens, then it is a big issue. Not that governments don’t spy, but the extent to which it was used on politicians, journalists, judges, etc. Note: under the license agreement, Pegasus is to be used for spying on terrorists and big criminals.

If the Indian government denies spying then also it is a big national security issue. That means some other countries are spying on Indian citizens…. isn’t that a big threat.

Critic Critic
Ramta_Jogi wrote:

It could also have been added to an App update in Google Playstore or Apple or even sneaked in as an OS/Software update of Android/Apple phones. I mean, who knows what all “security updates” we keep receiving in windows/phones

Check the forensic methodology report on how Pegasus works on the Amnesty International site; it was not deployed via app/OS/store update.

Deal Cadet Deal Cadet
LightYagami wrote:

Bro, you didn’t understand the issue. If the government says that they were spying on Indian citizens, then it is a big issue. Not that governments don’t spy, but the extent to which it was used on politicians, journalists, judges, etc. Note: under the license agreement, Pegasus is to be used for spying on terrorists and big criminals.

If the Indian government denies spying then also it is a big national security issue. That means some other countries are spying on Indian citizens…. isn’t that a big threat.

The nation has just come out of the millennium-old slavery to foreign ideologies. We cannot afford to make the same errors again. The charioteers of the nation will take the best decisions in order to safeguard the nation and its interests. Even if the Government has done it, it has to remain tactical in owning/disowning it. They are doing a brilliant job in managing the perception. You have to admit.

Deal Lieutenant Deal Lieutenant
-LEAD-DEAL- wrote:

The nation has just come out of the millennium-old slavery to foreign ideologies. We cannot afford to make the same errors again. The charioteers of the nation will take the best decisions in order to safeguard the nation and its interests. Even if the Government has done it, it has to remain tactical in owning/disowning it. They are doing a brilliant job in managing the perception. You have to admit.

Yes I know “They are doing a brilliant job in managing the perception” I’ll admit that.
So let us acknowledge that “ache din” is also a “hoax”.

Dimer Of The Year 2014 Dimer Of The Year 2014

While you follow the Pegasus spygate stories, remember that it costs $7-8 Million per license, and one license can be used on 50 phones.

It throws off ALL data – calls, messages, keystrokes, remote activation of camera + microphone… complete access. What this means is that a significantly large team is required to sift through it all.

It isn’t mass surveillance automatically looking for keywords in conversations, it’s targeted and total surveillance of a small group of individuals… Someone is manually going through it all.

This raises an important question that won’t be answered today… who are these people doing the snooping?

We know it’s the govt, but who in it? It’s likely it’s under MHA, but someone must follow up exactly who… the potential for misuse and blackmail is tremendous.

The answers might be shocking to say the least. It’ll be headed by someone trusted and someone whom the duo have absolute control over, but the individuals actually sifting through data are important.

Are they govt staff, or did it all get outsourced? What are the safeguards?

It’s illegal government surveillance, but what makes it worse is that there is no guarantee the data even stays with the govt… what if it’s sold to private business interests who now have leverage over judges, ministers and officials? What if it’s leaking to foreign nations?

They’ll try to cover up all details with the national security bogey, but their illegal surveillance for political control is actually a threat to national security.

They want to break encryption, but if it goes, all our top leaders will be easy targets for foreign surveillance. And for unscrupulous business interests. We already know a major Indian company has a huge surveillance apparatus that it uses!

Encryption and privacy actually protect national security; by weakening them, they get politically stronger but weaken the security of India.

The nation deserves answers, and silence by claiming national security should not be accepted!

The process followed, permissions obtained (or not) are important aspects!

I expect this to be raised in Parliament, but friends in the media who care, please stress in your reportage why this is so important for the future of India.

https://twitter.com/ShivamShankarS/status/14167...

Deal Cadet Deal Cadet
LightYagami wrote:

Yes I know “They are doing a brilliant job in managing the perception” I’ll admit that.
So let us acknowledge that “ache din” is also a “hoax”.

See, by evolution everyone is a selfish individual pursuing self-preservation. The concept of nation cannot exist unless there is a perception of commonality. Common aspirations and common dangers. The role of the ruler is to master these two emotions. The nation would make progress in its own right. We have paid a great price for the lack of emotional cohesion. Not any more. Akhand Hindurasthtra can only be re-created when people stand by the ruler and do not get distracted by petty incidents.

Again, “Acche” and “Bure” are matters of perception. For example, people used to launch protests for fuel hikes during the KHANgress regime. Today, people don’t. This is the realization that the leaders and the guardians of this nation are chasing a far greater goal. And they have successfully percolated the perception in every individual. Give credit where it’s due.

Regarding so-called snooping on Ju^ges, CMs, MPs: People must be kept in check. You don’t need to snoop, the very prevailing sense that the government is omniscient, will serve as vaccine against the antinationals and would-be-antinationals. That’s what the target is. Prevention by self-censorship… Lastly, soon day will come when only real deshbhakts will be promoted to important posts, so that mechanisms for “keeping in check” is not required. Some sort of a social credit system is important and is imminent.

I am against snooping… You get that. But, you need snooping to get to a stage where snooping is not required.

Critic Critic
-LEAD-DEAL- wrote:

See, by evolution everyone is a selfish individual pursuing self-preservation. The concept of nation cannot exist unless there is a perception of commonality. Common aspirations and common dangers. The role of the ruler is to master these two emotions. The nation would make progress in its own right. We have paid a great price for the lack of emotional cohesion. Not any more. Akhand Hindurasthtra can only be re-created when people stand by the ruler and do not get distracted by petty incidents.

Again, “Acche” and “Bure” are matters of perception. For example, people used to launch protests for fuel hikes during the KHANgress regime. Today, people don’t. This is the realization that the leaders and the guardians of this nation are chasing a far greater goal. And they have successfully percolated the perception in every individual. Give credit where it’s due.

Regarding so-called snooping on Ju^ges, CMs, MPs: People must be kept in check. You don’t need to snoop, the very prevailing sense that the government is omniscient, will serve as vaccine against the antinationals and would-be-antinationals. That’s what the target is. Prevention by self-censorship… Lastly, soon day will come when only real deshbhakts will be promoted to important posts, so that mechanisms for “keeping in check” is not required. Some sort of a social credit system is important and is imminent.

I am against snooping… You get that. But, you need snooping to get to a stage where snooping is not required.

@admin He wants to be “ruled” so I hope you let him have a little taste of what it means to be ruled by correcting his posts & giving a “temporary sentence” maybe . laughing
