Apple Update: Security Expert Explains How Pegasus, Trident Spyware Infiltrate Devices Sans Being Detected
ByNo one can deny the fact that Apple's iOS firmware is as tough as old boots in securing their users information from their Apple devices - but not until Poseidon flying on a Pegasus struck its powerful Trident and cracked the iOS firmware.
Last August, rumors about iOS Spywares attacking and allowing some deadly unnoticeable jailbreaks in Apple products spread like wildfire.
It was confirmed just recently that the spyware can track and collect private information such as emails, voice communication, messaging, passwords, and GPS. Even a user's contact lists and selfies are not free from it.
Researchers from the security firm Lookout and the University of Toronto's Citizen Lab discovered the espionage software called Pegasus spyware with the help of the Trident that is dubbed from the three iOS vulnerabilities.
Andrew Blaich, Senior Security Engineer at Lookout, told ZDNet that it collects information about the SIM card. It helps with the identifying and tracking, as well as the user's actual physical location with GPS on.
The sophisticated spyware would infiltrate the targeted iPhone using a pop-up link sent by text messages. Then the Pegasus would be implanted completely undetected and do its work on monitoring and stealing whatever information and data the hackers wanted.
"There's code in there which will actually turn off the ability of the iOS system to actually go ahead and update, so when an update comes down it'll actually prevent that from happening, so it can contain the person using the device," Blaich added.
That means that the infected device would not be able to download any updates and prevent on ridding the Pegasus spyware. The spyware would also clear the mobile Safari browsers' cache so that it won't leave tracks for users to stumble upon when browsing. After gathering all the target information, the Pegasus would delete itself completely undetected by the users.
According to Lookout's official website, Pegasus can also track down a user's GPS and intercepting encrypted communications. Blaich said if users are using end-to-end encryption software that has to be decoded so they can view it on their phone, the malware will hook that and it can see it.
The information led Apple to release a new update. In line with this, Microsoft insisted that Apple can no more secure iPhone than Google can secure Android.