
Apple Alerts Pegasus-like Attack on Indian Activists and Leaders


On July 10, two individuals in India received notifications from Apple on their iPhones warning that they had been targeted by a “mercenary spyware” attack. Spyware of this kind lets an attacker take over a personal device remotely, reading messages and photos and switching on the microphone and camera in real time. Apple had previously described such attacks as “state-sponsored” but changed the wording in April.

Iltija Mufti, political adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation, reported receiving the alerts. Both told The Hindu that they had updated their phones and planned to have them forensically examined. A spokesperson for Apple in India did not provide an immediate comment.

Although the alert did not name a state, it cited Pegasus spyware as an example. Pegasus, developed by the Israeli firm NSO Group Technologies, is sold only to government customers. The Indian government has neither confirmed nor denied using Pegasus and declined to cooperate with the Supreme Court-ordered inquiry into its deployment. These are the first such spyware alerts reported in months.

The last known occurrence was in October, when Apple devices belonging to Siddharth Varadarajan of The Wire and Anand Mangnale of the Organized Crime and Corruption Reporting Project received similar warnings. Forensic analysis later confirmed that they had been targeted using vulnerabilities exploited by Pegasus clients. Both Mufti and Deshpande criticized the Union government and accused it of using Pegasus. Mufti wrote on X (formerly Twitter), “BJP shamelessly snoops on women only because we refuse to toe their line,” while Deshpande pointed to the government's misplaced priorities, spending effort on deploying Pegasus rather than on India's significant challenges.

An international investigation in 2021 by the Forbidden Stories collective exposed widespread targeting of civil society organizations, opposition politicians, and journalists with Pegasus spyware. The Indian government denied illegal activity but did not clearly confirm or deny the use of Pegasus. Alleged targets included Rahul Gandhi, former Election Commissioner Ashok Lavasa, student activist Umar Khalid, Union Minister Ashwini Vaishnaw, the Dalai Lama’s entourage, and individuals implicated in the 2018 Bhima Koregaon violence.

Russian Exiled Journalist Says EU Should Ban Spyware


The editor-in-chief of the independent Russian news site Meduza has urged the European Union to enact a comprehensive ban on spyware, arguing that spyware has repeatedly been used to violate human rights.

According to Ivan Kolpakov, Meduza's Latvia-based editor-in-chief, it is obvious that Europeans should be very concerned about Pegasus in light of the discovery that his colleague Galina Timchenko was hacked by an as-yet-unidentified EU country.

“If they can use it against an exiled journalist there are no guarantees they cannot use it against local journalists as well[…]Unfortunately, there are a lot of fans in Europe, and we are not only talking about Poland and Hungary, but Western European countries as well,” said Kolpakov.

Since last month, the European Commission has been working on guidelines for how governments could employ surveillance technologies such as spyware in compliance with EU data privacy and national security rules. Although member states are responsible for their own national security, the Commission is considering adopting a position after learning that 14 EU governments had purchased Pegasus from NSO Group.

Timchenko was reportedly targeted with Pegasus in February 2023 while she was in Berlin for a private meeting of exiled Russian media workers. The meeting's subject was the threat posed by the Russian government's designation of independent Russian media outlets as foreign agents.

Given the nature of Timchenko's work, Russia was the first suspect, but according to the digital rights organization Access Now, further evidence points to the intelligence service of an EU member state, which one is not yet known, as the more likely operator.

The suggested motive is that several Baltic states, which Russia has consistently threatened, are worried that FSB or GRU officers may have entered their territory among the exiled dissidents and journalists.

“It may happen and probably it actually happens, but in my opinion, it does not justify the usage of that kind of brutal tool as Pegasus against a prominent independent journalist,” Kolpakov said.

Kolpakov believes that the revelations have left the exiled community feeling they are not safe in Europe. “This spyware has to be banned here in Europe. It really violates human rights,” he added.     

Apple Patches Zero-Day Flaws Exploited to Deliver Pegasus Spyware on iPhones

On Thursday, Apple issued emergency security updates for iOS, iPadOS, macOS, and watchOS to close two previously unknown vulnerabilities that were being exploited in the wild to deploy NSO Group's Pegasus mercenary spyware.

The two issues are described as follows:

CVE-2023-41061: This concerns a validation problem within Wallet. It has the potential to lead to arbitrary code execution if a maliciously crafted attachment is processed. 

CVE-2023-41064: This is a buffer overflow in the ImageIO component. It can lead to arbitrary code execution when a maliciously crafted image is processed.

CVE-2023-41064 was discovered by the Citizen Lab at the University of Toronto's Munk School, while CVE-2023-41061 was found internally by Apple, with Citizen Lab credited for "assistance."

The updates are available for the following devices and operating systems:

iOS 16.6.1 and iPadOS 16.6.1: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

macOS Ventura 13.5.2: Macs running macOS Ventura.

watchOS 9.6.2: Apple Watch Series 4 and later.
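When an advisory like this lands, the practical first step for a fleet owner is to turn the fixed-version table into a triage check over the device inventory. The script below is an added example, not Apple's or Citizen Lab's code. It encodes only the fixed releases named above, compares versions as numeric tuples (string comparison gets "16.10" versus "16.6.1" wrong), and reports devices on other major releases or other platforms as "unknown" rather than "patched", since nothing on this page says what their status is. The inventory lines and device IDs are constructed sample data.

```python
"""Triage check for the Apple fixes for CVE-2023-41061 / CVE-2023-41064.

Added example, not Apple's or Citizen Lab's code. FIXED_VERSIONS encodes only
the releases named in the advisory text; the device inventory is constructed
sample data for illustration.
"""

# Minimum fixed release per platform, from the advisory text. Assumption: this
# table is the only source of truth, so releases the advisory does not mention
# (e.g. builds of an older major version) are reported as "unknown", never as
# "patched".
FIXED_VERSIONS = {
    "iOS": (16, 6, 1),
    "iPadOS": (16, 6, 1),
    "macOS": (13, 5, 2),
    "watchOS": (9, 6, 2),
}


def parse_version(text):
    """Turn '16.6.1' into (16, 6, 1).

    Numeric tuples compare correctly; plain strings do not
    ('16.10' < '16.6' lexicographically).
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    # Pad so that '16.6' compares as 16.6.0 against 16.6.1.
    return nums + (0,) * (3 - len(nums))


def patch_status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    fixed = FIXED_VERSIONS.get(platform)
    if fixed is None:
        return "unknown"
    v = parse_version(version)
    if v[0] != fixed[0]:
        # A different major release (e.g. iOS 15.x) is not covered by the table.
        return "unknown"
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory):
    """inventory: iterable of 'device_id,platform,version' lines (MDM-export style).

    Returns {status: [device_id, ...]} preserving input order.
    """
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device_id, platform, version = (f.strip() for f in line.split(","))
        try:
            status = patch_status(platform, version)
        except ValueError:
            status = "unknown"  # malformed version: flag, do not assume safe
        result[status].append(device_id)
    return result


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """
# device_id,platform,version
phone-01,iOS,16.6.1
phone-02,iOS,16.6
phone-03,iOS,16.7
phone-04,iOS,15.7.8
tablet-01,iPadOS,16.6.1
mac-01,macOS,13.5.2
mac-02,macOS,13.5.1
watch-01,watchOS,9.6.2
tv-01,tvOS,16.6
""".splitlines()

if __name__ == "__main__":
    for status, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(ids)}")
```

The "unknown" bucket is deliberate: a device on iOS 15 or tvOS is not shown to be safe by this advisory, and conflating "not listed" with "patched" is the classic mistake in fleet triage.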

In a separate advisory, Citizen Lab disclosed that the two vulnerabilities were used in a zero-click iMessage exploit chain it dubbed BLASTPASS, which can deploy Pegasus on fully up-to-date iPhones running iOS 16.6 without any interaction from the victim. Because exploitation is ongoing, detailed technical information about the flaws has not been released.

The exploit is nonetheless reported to bypass Apple's BlastDoor sandbox, which was introduced to blunt zero-click iMessage attacks. Separately, researchers at Kaspersky, the Russian cybersecurity firm, have warned of an ongoing attack campaign that they say exploits a zero-click, zero-day iMessage vulnerability.

The disclosures also coincide with reports that the Chinese government has directed central and state government officials not to use iPhones or other foreign-branded devices for official work, a move seen as part of an effort to reduce reliance on foreign technology amid an escalating trade dispute between China and the United States.