Apple iPhone and iPad users usually believe they are safe. There\u2019s no malware for iOS, they say. Apple does little to discourage the impression \u2014 the \u201cfruit company\u201d doesn\u2019t even allow antivirus solutions in its App Store, because, you know, allegedly they\u2019re not needed.<\/p>\n
The keyword here is allegedly<\/em>. There actually is malware in the wild that targets iOS users \u2014 it\u2019s been proved a number of times, and in August 2016 researchers proved it again by revealing the existence of Pegasus<\/a>, spyware capable of hacking any<\/em> iPad or iPhone, harvesting data about the victim, and establishing surveillance on them. That discovery made the whole cybersecurity world\u2026 uneasy.<\/p>\n At our Security Analyst Summit<\/a>, researchers from Lookout revealed<\/a> that Pegasus exists not only for iOS, but for Android as well. The Android version is different in some ways from its iOS predecessor. Let\u2019s shed some light on Pegasus and explain why we use the word \u201cultimate\u201d to describe it.<\/p>\n Pegasus was discovered thanks to Ahmed Mansoor<\/a>, a UAE human rights activist, who happened to be one of its targets. It was a spear-phishing attack: He received several SMS messages that contained what he thought were malicious links, so he sent those messages to security experts from Citizen Lab, and they brought another cybersecurity firm, Lookout, to the investigation.<\/p>\n Mansoor was right. If he had clicked, his iPhone would have been infected with malware \u2014 malware for iOS. For non-jailbroken iOS, to be precise. The malware was dubbed Pegasus, and Lookout researchers called it the most sophisticated attack they\u2019d ever seen on any endpoint.<\/p>\n Pegasus has been attributed to the NSO Group, an Israeli company whose bread and butter is developing spyware. That means the malware is commercial \u2014 it\u2019s sold to whoever is willing to pay for it. Pegasus relied on a whopping three zero-day (previously unknown) vulnerabilities in iOS that allowed it to silently jailbreak the device and install surveillance software. Another cybersecurity firm, Zerodium, once offered $1 million for an iOS zero-day, so you can imagine that it cost quite a bit of money to create Pegasus.<\/p>\n An emergency #iOS<\/a> update patches #0day<\/a> used by government spyware https:\/\/t.co\/VyDbMcHRGL<\/a> pic.twitter.com\/6U8nX0baXY<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) August 26, 2016<\/a><\/p><\/blockquote>\nPegasus: The beginning<\/h2>\n
\n