Recently, Google’s information security team, Project Zero Team, analyzed Pegasus, a surveillance software that attacks iPhones. Experts said that it is the most advanced exploit attack technique they have ever seen.
Pegasus was developed by the Israeli intelligence firm NSO Group which is described as “military-grade” spyware. With Pegasus, hackers can use iMessage to send fake GIF files to spy on iPhones as long as they know the target’s phone number or Apple ID, Google experts said.
Most importantly, the attacked Apple user’s phone will be successfully compromised even if he or she doesn’t click to open the transmitted GIF file, because the virus program has taken advantage of the situation while analyzing the GIF file on the phone!
After hacking, the hacker can not only view important information such as passwords stored in the iPhone, but also manipulate the microphone for eavesdropping, and even use GPS to obtain the iPhone user’s general physical location. There are rumors that authoritarian groups will use this software to spy on dissidents, journalists and human rights activists.
Meanwhile, the Google team mentioned that similar surveillance software for Android has emerged in the form of “clickless attacks”, but samples of related research are still lacking.
Fortunately, the Pegasus attack against iPhone users was discovered by Apple in September this year, the system was urgently patched and updated, and the software developer was blacklisted by the U.S. government.