13/09/2021
After the exposé by Philip Etale on Pegasus spyware, many social media users have been asking just how Pegasus spyware infects phones.
The Pegasus spyware can infect the phones of victims through a variety of mechanisms. Some approaches may involve an SMS or iMessage that provides a link to a website. If clicked, this link delivers malicious software, or malware, that compromises the device.
Others use the more concerning ‘zero-click’ attack, where vulnerabilities in the iMessage service on iPhones allow infection simply by receiving a message, with no user interaction required.
The aim is to seize full control of the mobile device’s operating system, either by rooting (on Android devices) or jailbreaking (on Apple iOS devices).
Usually, rooting on an Android device is done by the user to install applications and games from non-supported app stores, or to re-enable functionality that was disabled by the manufacturer.
Similarly, a jailbreak can be deployed on Apple devices to allow the installation of apps not available on the Apple App Store, or to unlock the phone for use on alternative cellular networks. Many jailbreak approaches require the phone to be connected to a computer each time it’s turned on (referred to as a tethered jailbreak).
Rooting and jailbreaking both remove the security controls embedded in Android or iOS operating systems. They are typically a combination of configuration changes and a ‘hack’ of core elements of the operating system to run modified code.
In the case of spyware, once a device is unlocked, the perpetrator can deploy further software to secure remote access to the device’s data and functions. The user is likely to remain completely unaware.