Date: 2021-07-19

Pegasus can infiltrate both Android and iOS devices, even the ones running the latest updates

Pegasus is a nasty piece of kit that is designed to infiltrate both Android and iOS. It was made by an Israel-based company called NSO Group and has been in the limelight lately because it was used to target the phones of prominent journalists and activists. Even India isn't safe.

While the spyware can work on any smartphone, a detailed report from Amnesty International - a global organisation dedicated to fighting abuse of human rights - discovered that it was still using the iMessage exploit that was previously thought to have been fixed.



(1) @AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.

Citizen Lab's Bill Marczak, who first discovered the exploit, confirmed that it was still operational with Pegasus.

What makes this worrying is that "zero-click" attacks require no input from the user to trigger, are virtually undetectable, and run in the background.

This particular iMessage exploit was thought to have been fixed by Apple after it was discovered, but Bill Marczak confirmed that it still works on iPhones running iOS 14.6.

The issue seems to be related to the BlastDoor framework, which Apple introduced in iOS 14 to make zero-click attacks harder but which is not working as intended.