We have news again about Pegasus, the tool of the Israeli company NSO that publicly and with impunity presumes to hack our smartphones illegally, but yes, just to sell our data to the government that pays the most.
According to the Financial Times, NSO Group Technologies assures that can access virtually any cloud data storage service, including Apple's. How do you get it? We explain it to you below.
How Pegasus works
The first thing that is needed is for Pegasus to be installed on your device. It is not a global access to the attacked servers, but must be accessed from the target person's own device, which requires having spyware installed. This software is responsible for recovering the credentials from the device and sends them to the hackers' server.
Once they have the access credentials, the hackers take care of clone your device, including its location, and pretending that it is your own smartphone that accesses iCloud, Facebook or any other service. It seems that in this way it manages to avoid being detected and requested, for example, the double factor that it requests from us when we want to enter iCloud from outside our smartphone.
What we can do to prevent it from infecting us
We do not know the method that Pegasus uses to infect our devices. It may take advantage of a security hole in the operating systems so that through a simple message or email it can access our device, in which case we can do little. But may use unofficial apps, certificates from dubious origins… That's why we always insist that you don't install apps that don't come from official stores.
Once we are infected the only solution we have left is restore the device and change our password to iCloud, Facebook and any other service that we want to protect. In this way, the access code that Pegasus has will no longer be valid, and unless it infects us again, you will not be able to access our services.
What does Apple say about this?
Apple's statements regarding this issue are quite terse and really they do not confirm or deny anything.
We have the safest platform in the world. There may be tools that allow to execute attacks on a small number of devices, but they are not useful for large-scale attacks against our users.
In the absence of some more extensive statements that confirm whether it is true that your devices are sensitive to this attack, and most importantly, while waiting for them to find a solution for this type of malware, the only thing we can do is what before you we indicate: be wary of any application that does not come from the App Store or any certificate that we are asked to install in our terminal.
Public offenders and unpunished
The most bleeding part of all this problem is that a company publicly boasts of illegally installing, without the user's authorization, a malicious software that is responsible for collecting the access codes to services with the intention of copying personal data and selling them to the best bidder. But he "promises" that he only sells it to governments, their impunity is absolute.
Until when can the privacy of users be violated so flagrantly with the permissiveness of all governments? It is disconcerting that Big Tech has to protect citizens' privacy from government attacks. democratic (or not).
