Google Explains Pegasus Hack of iPhones

One of the most technically sophisticated exploits.

Pegasus spyware from NSO Group, an Israel-based cyber security company, has been used to hack the iPhones of a dozen U.S. diplomats. The revelation comes a month after U.S. officials blacklisted NSO Group following a report that its foreign government clients used the software to spy on rivals, political activists, human rights workers and others.

Google has published a blog post explaining how the spyware was used to hack into iPhones without users’ knowledge.

The post comes from Google’s Project Zero team, which calls the exploit “one of the most technically sophisticated exploits”. The blog post says that the spyware is very sophisticated and indicates that what was once available to a handful of nations and their governments is now openly accessible to many.

The blog post also explains how the spyware gets into your phone. Earlier, a one-click phishing route was used to hack into a phone. Now NSO offers its clients zero-click exploitation technology, which does not require the target to click on a phishing message. Instead, the hack works silently in the background. “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense,” Google wrote in the post.


The hackers need either the phone number or Apple ID of the user to hack into the system silently.

The hack rides on the back of GIF files in iMessage to target users. The GIF is used to sneak a PDF file into an iPhone. The PDF file then targets images and text and effectively builds a parallel command center to spy on all activity on your computer or device.
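As an added defensive illustration (not code from Google's post, Apple or NSO), this Python example flags attachments whose `.gif` name disagrees with what the bytes actually are, the kind of GIF/PDF mismatch described above. The function names and sample bytes are constructed for the example; the magic numbers are the standard GIF and PDF file signatures.

```python
import os

# Magic numbers: GIF files start with "GIF87a" or "GIF89a"; PDF files carry
# "%PDF-" at the start (lenient readers accept it within the first 1024 bytes).
GIF_MAGICS = (b"GIF87a", b"GIF89a")
PDF_MAGIC = b"%PDF-"

# Hypothetical mapping from file extension to the type it declares.
EXT_TO_TYPE = {".gif": "gif", ".pdf": "pdf"}


def sniff_type(data: bytes) -> str:
    """Return the type implied by the content, ignoring the filename."""
    if data.startswith(GIF_MAGICS):
        return "gif"
    if PDF_MAGIC in data[:1024]:
        return "pdf"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the declared type (extension) with the sniffed type."""
    ext = os.path.splitext(filename)[1].lower()
    declared = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff_type(data)
    return {
        "filename": filename,
        "declared": declared,
        "actual": actual,
        "mismatch": declared != "unknown" and declared != actual,
    }


# Constructed sample inputs (not real attachments).
SAMPLES = [
    ("cat.gif", b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"),
    ("funny.gif", b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\n"),
    ("padded.gif", b"\x00" * 16 + b"%PDF-1.4\n"),
    ("report.pdf", b"%PDF-1.4\n%%EOF\n"),
]


def scan(samples):
    """Return the filenames whose content disagrees with their extension."""
    return [n for n, d in samples if check_attachment(n, d)["mismatch"]]


if __name__ == "__main__":
    for name, data in SAMPLES:
        print(check_attachment(name, data))
```

A mismatch is a signal for a mail or messaging gateway to quarantine or log the attachment; it does not by itself show that the file is malicious.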

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent,” the blog reads.
