Friday, August 26, 2016

Apple iPhone: What you should know about “Pegasus” – SPIEGEL ONLINE

Short on time? There is a summary at the end of the text.

A vulnerability that only recently became known has put potentially millions of devices at risk. With its help, attackers were able to take control of iPhones. Here are answers to frequently asked questions.

What happened?

According to initial analyses, malware called “Pegasus” exploits three previously unknown vulnerabilities in Apple’s software: one in the Safari web browser and two in the core of the mobile operating system iOS. The set of flaws is referred to as “Trident”. It is a so-called zero-day exploit, the exploitation of a vulnerability that is not yet widely known (see the question on zero-day exploits below).

Through the Safari vulnerability, arbitrary software code can be executed, according to the American security firm Lookout. The attackers used it to load the attack components of “Pegasus” onto the device. It was enough for the targeted person to click on a prepared link. The only unusual behavior the user would notice was that the Safari app closed.

Once active on the device, the “Pegasus” software used the second vulnerability to locate the kernel, the core of the iPhone operating system iOS, which Apple actually keeps hidden. The kernel is a key element of the device’s security.

Through a vulnerability in the kernel itself, “Pegasus” then secured extensive access to the iPhone. The spying program secretly carried out a jailbreak, the process by which an iPhone is freed from the restrictions imposed by Apple. Some users do this themselves in order to install more software and configure the device more freely. But doing so lowers the hurdles for attacks. So here, too: after the unnoticed jailbreak, “Pegasus” could add monitoring software.

Which devices are at risk?

According to the findings of the IT security firm Lookout and the Citizen Lab at the University of Toronto, which were able to examine the spy program thoroughly, “Pegasus” could infest all versions of the iPhone operating system from iOS 7, introduced three years ago, onward. The software fails only on the new iOS version 9.3.5, released on Thursday.

The software turns the iPhone into a digital spy with access to all communications services. “Pegasus” can apparently record calls, read text messages, access the device’s camera, track whereabouts, view contact lists, read emails, and capture passwords and data from Facebook and communications services such as WhatsApp, Skype, Telegram, Viber or WeChat.

What is a zero-day exploit?

By a zero-day exploit, experts mean the exploitation of a vulnerability in a system that was not widely known and therefore not patched. The programmers of the software have therefore had no opportunity to develop patches against the attack, or do not even know that they need to.

Zero-day exploits appear again and again, on all operating systems. Software companies do regularly examine their programs for vulnerabilities. Nevertheless, software is never truly secure. Mistakes can still hide in thousands of lines of program code. Developers usually reuse code blocks from old programs in new applications; in this way vulnerabilities can spread. Last year, a zero-day exploit was discovered on average every week, the security company Symantec writes in its Internet Security Threat Report.

There is a brisk online trade in zero-day exploits, in which intelligence agencies but also criminals are interested. Only a few months ago, a firm caused a sensation by offering a reward of one million US dollars for a zero-day vulnerability in the iPhone, and, by its own account, eventually paid it out.

What should iOS users do now?

According to the researchers, Apple closed the gap around two weeks after the first suspicion and ten days after the company learned of it. This is a comparatively quick response. Users are urged to install the update distributed on Thursday, provided it is offered for their device.

The size of the update can vary depending on the device. You can find the update to version 9.3.5 under “Settings” -> “General” -> “Software Update”. Apple recommends that users of its devices always install the latest version of the operating system, the company said in response to an inquiry from SPIEGEL ONLINE.

In addition, users should continue to be wary of messages from unknown sources and should not click on links in e-mails or SMS messages if the sender is unknown.

Are Apple devices now no longer safe?

Despite the Trident vulnerability that has now come to light, Apple devices are still considered relatively safe. This is partly because Apple hardware and software come from one manufacturer and are completely compatible. Other operating systems like Android have the problem that different manufacturers install the software on a wide variety of devices, some with modifications that increase the risk of vulnerabilities creeping into the system.

Because of the large variety of Android devices, it is also relatively hard to close vulnerabilities quickly. Whereas it is enough for Apple to modify the software, with Android the component manufacturers and device vendors often need to be involved. It can therefore take several months for known vulnerabilities to be closed.

Another point that speaks for the greater security of Apple devices is the wider distribution of operating systems such as Android or Windows, in contrast to Mac OS and iOS. The more potentially vulnerable devices there are, the greater the temptation to look for relevant vulnerabilities.

Even so, vulnerabilities in Apple products have been reported repeatedly in the past. For example, attackers were able to gain access to the address book and photo collection via the digital voice assistant “Siri”. Another attack was possible on the lock screen. Hackers have also managed to bring malicious software onto iOS devices via the App Store. In general: no software is safe, and there are always gaps, in all devices.

How was the “Pegasus” attack uncovered?

Since when and how often “Pegasus” has been used for attacks is unclear. According to Lookout, the discovered software had been in operation for “significantly more than one year”. The software came into focus now because the human rights activist Ahmed Mansoor forwarded suspicious SMS messages containing links to an unknown site. On August 10th and 11th, two messages held out to Mansoor the prospect of “new secrets” about tortured prisoners in the United Arab Emirates.

He did not open the links, but forwarded them from his iPhone 6 running iOS 9.3.3 to the Citizen Lab at the University of Toronto. Its researchers wanted to find out more about the attack and opened the link on an iPhone 5 in factory condition. When they realized that software was being loaded onto the device and that apparently unknown vulnerabilities were being exploited, they shared their findings with Lookout. The Citizen Lab and Lookout finally informed Apple of the vulnerability.

Who is the company that is behind “Pegasus”?

According to the Citizen Lab, “Pegasus” is spyware from the Israeli company NSO Group; there is currently no confirmation of this. However, specific file names and the nature of the links in the text messages, for example, point to the connection.

The company was founded in 2010 to sell monitoring software for mobile devices to governments; it is now said to be 70 percent owned by the American private equity firm Francisco Partners. The latter is said to have considered a sale of the company in November 2015. Like many Israeli high-tech companies, the NSO Group is based in Herzliya, north of Tel Aviv. The company does not have a website; it has far less of an online presence than its competitors.

Lookout wrote in a report that the NSO Group is said to deal not only with iOS, but also with Android and BlackBerry spyware. In 2014 the “Wall Street Journal” profiled the company, which did not respond to interview requests at the time. In an earlier interview, a co-founder of the NSO Group is reported to have said: “We are a complete ghost. We are completely invisible to the target, we leave no trace.” According to Israeli media reports, the developers of the NSO Group include former employees of the computer department of the intelligence unit 8200.

How many companies like the NSO Group are there?

There are several companies like the NSO Group, such as the so-called Gamma Group with an offshoot called FinFisher in Munich, and the Italian firm Hacking Team. Hacking Team was itself spied on in summer 2015; a leak on the Internet revealed a great deal of information about the spyware manufacturer.

In the past, attempts are said to have been made to spy on Ahmed Mansoor with both FinFisher and Hacking Team software. Once he was sent an .EXE file disguised as a PDF file; another time the attackers exploited a gap in Microsoft Office. Further spying attempts with other software followed.

Companies like the NSO Group operate in the twilight, said Lookout’s head for Europe, Gert-Jan Schenk, on Friday. “The lack of global legislation prevents one from learning more about such companies.” The developers’ assurance that they sell such programs only to government authorities is not sufficient. “If they should fall into other hands, it is very, very dangerous.”

In summary: Using malicious software that exploits previously unknown vulnerabilities in Apple’s iOS operating system, unknown attackers wanted to attack the iPhone of a human rights activist. The extent of the three vulnerabilities is huge. Users should be sure to install update 9.3.5 provided by Apple.

