World News @lemmy.world MicroWave @lemmy.world 1y ago

Apple informs journalists Russia is targeting them with Pegasus spyware

www.businessinsider.nl Apple informs journalists Russia is targeting them with Pegasus spyware

Russia appears to be targeting journalists with spyware known as Pegasus. Pegasus is a "zero-click" software, hacking phones by sending texts that

Russia appears to be targeting journalists with spyware known as Pegasus.
Pegasus is a "zero-click" software, hacking phones by sending texts that don't need to be opened.
The software has targeted dozens of journalists, activists, and politicians in recent years.

60 comments

Pegasus is an Israeli product, are they selling it to Russia?
- Why not? Do you think US donations come with conditions?
- Yeah either something else is involved here or Israel is indeed selling Pegasus to literally any government that requests it. Let's not forget that NSO group is state funded so those deals clearly do have the approval from the Israeli government.
  
  Nothing to worry folks, here's what NSO said when it was used to target Khashoggi's inner circle as he was murdered and dismembered in the Saudi consulate:
  
  NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records
- One of the key reasons for Israel's reluctance to help Ukraine win the war militarily is simple: It still works closely with Russia.
  
  Russia is important for Israel's military operations in neighboring Syria, where Israel has been carrying out airstrikes against Iran-backed militias, mainly those of Hezbollah.
  
  https://kyivindependent.com/on-support-for-ukraine-israel-performs-precarious-balancing-act-between-security-interests/
  
  Does this mention Pegasus at all?
Now inform everyone else that other countries are targeting with pegasus

*edit: spelling
- They do, and they’ve shared the counter measure (lockdown mode) with the world.
  
  If a nation state will individually target someone, they don’t need to doom scroll on insta (nor do they need to). Locking down the phone to the bare minimum for these kind of people is the appropriate level of response.
  
  How is this a solution? 🤔 and whats the "solution" for android?
  
  As much as I want to believe this is effective, all it looks to do is turn your phone into... a phone.
  
  If they can get cell records, they can track you.
  
  SMS isn't end-to-end encrypted, once it leaves your phone to the network it's fair game. Given that Russia controls Russian Telecom, you can be fairly certain that a phone call and an SMS are monitored.
  
  At that point, you're left with the old school one-time pad. And I can bet on Russia being Russia, so if they see a one-time pad in use, they're just going to pick you up and beat you ~~to death~~ until you talk.
What are the comments in here.. Lol. Anyone able to give a level-headed take on this article/topic? Cheers
At this rate an iPhone will just be Pegasus all the way down. 76 nation states and their rogue black ops will battle for pegasupremacy.

He who hacks harder wins.

(The above is not based on any fact)

But, seriously... 3 (known) years later and Apple doesn't have a fix for this?

Almost as if it's intentionally unpatched

Edit: fanboys are a tough crowd. Gheezus.
- It's not like Pegasus is exploiting a single bug in iOS, there are probably hundreds of different ways Pegasus got onto phones over the years. Known security bugs get patched.
  
  Pegasus isn't a single piece of software, it's a big toolkit, constantly updated. It's a race similar to ads vs. ad blockers.
  
  It's not a problem exclusive to iOS either. Pegasus works on Android phones as well.
  
  Code has been analyzed from several versions of it.
  
  Edit: the code and analysis report available here:
  
  https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
  
  (Edit: it amazes me how much people will defend/rationalize the most valuable corporation ever known to put more effort into the camera being placed 2mm to the left than an exploit that gets people killed.)
  
  That Apple (especially) can't mitigate against it is pretty damning.
  
  Regardless what Pegasus is made of, it exploits vulnerabilities. Use a rock, a bat, or hard boiled egg and you can break a cheap window. It's the window that is insecure. Not the methods used.
  
  A trillion dollar company ought to be able to put up a bit more than plexiglass.
  
  And the mega corps ought to be working together on this. Imagine if it got out into the wild.
  
  Remember spectre?
  
  https://en.m.wikipedia.org/wiki/Spectre_(security_vulnerability)
  
  I am not a lawyer.
- But, seriously... 3 (known) years later and Apple doesn't have a fix for this?
  
  Almost as if it's intentionally unpatched
  
  Pegasus constantly adapts, evolves, and changes overtime with how it works. Pegasus 3 years ago isn't the same as Pegasus today. Once a vulnerability is discovered and fixed, they find a new one to exploit and take advantage of. Its a constant battle.
  
  I'm not a big fan of Apple at all, but credit where its due, they have made a pretty good effort to patch Pegasus vulnerabilities whenever they come about, plus have added features like Lockdown Mode to help protect against it even further, etc. This article is literally about Apple even warning journalists to be cautious of it.
  
  Saying Apple is intentionally allowing Pegasus to happen, like you're claiming, is honestly laughable with all things considered.
  
  they have made a pretty good effort to patch Pegasus vulnerabilities whenever they come about,
  
  I mean, they kind of have to? What's the alternative, they leave it? Why are we applauding them for basically the bare minimum here?
  
  Apple's investment in discovering these problems seems pretty poor. There are multiple instances of Google finding exploits for them and then Apple downplays and complains about Google being too alarmist.
  
  Sure, they fix things. But they fucking better, or there's a very different problem. But their proactive investments in trying to discover them ahead of time seems pathetic.
- Make it preinstalled and put the hackers out of job. Taps forehead
Obviously we need multiple adversarial LLMs battling this out. Humans are not solving this problem.
This is just false.

Pegasus is not a "zero click software" which does not really mean anything. It's a spyware

If you don't have physical access to an unlocked device you need to exploit a vulnerability to install it. And what a lucky day, Apple has again failed to solve their zero click vulnerability around ImageIO and the sandbox of iMessages. This type of vulnerability has been recurrent for Apple products
- I don’t really get what you’re trying to say but I do wonder if maybe an internal apple employee is somehow working with the company that makes Pegasus and that’s why they continue to have exploits.
  
  No Pegasus and the device exploits have really nothing to do with each others. ~~And it's not a company that makes Pegasus~~ (it is, see below)
Is that their explanation for their radioactive phones? ☢️📱
- “Radioactive” implies ionizing radiation. The article you linked refers to electromagnetic radiation. Why are you spreading misinformation?
  
  Ignorance and stupidity.
  
  Lost your chance to use this meme:
- What the fuck kind of take is that lol?
  
  Read this:
  
  https://es.gizmodo.com/belgium-germany-review-iphone-12-radiation-violations-1850837759
- Google electromagnetic radiation
  
  Holy hell!

60 comments