LIVE TV
ugc_banner

'Zero-click exploitation': Google describes how NSO's Pegasus hacked into iPhones

WION Web Team
WashingtonUpdated: Dec 20, 2021, 05:00 PM IST
main img
Photograph:(IANS)
Share on twitterFollow Us

Story highlights

US government had recently blacklisted the NSO group since it supplied Pegasus spyware to foreign governments that used tools to 'maliciously target' government officials, journalists and activists.

Amid worldwide uproar over NSO's Pegasus surveillance software allegedly used by various government agencies on individuals, Google in a blog post has tried to explain how the Israel-based company hacked into iPhones without anybody's knowledge.

Google said it is aware "NSO sells similar zero-click capabilities which target Android devices". It said that the "one-click exploit" occurs when a person's phone is being hacked when the link is clicked once.

Google described how the Pegasus software hacked into iPhones. The search giant said in the post that NSO is now offering their clients "zero-click exploitation technology" allowing an attack on a person's phone even when the user hasn't clicked on a phishing link. 

"In the zero-click scenario no user interaction is required," the blog post said. This means the attacker targeting a specific person does not need to send a phishing message since it works "silently in the background".

Watch: French President Macron changes phone after Pegasus case

"It's a weapon against which there is no defence," the Google post added. A person therefore can be targeted just for using a phone citing the Apple attack. A person with a phone number or an AppleID username can become a target, it informed. 

Google said the "initial entry point" for Pegasus on the iPhone was the iMessage.

The Pegasus software uses GIF files in iMessages to target users. It uses the "fake gif" trick to hack into phones covertly even as the person remains unaware.

The US government had recently blacklisted the NSO group since it supplied spyware to foreign governments that used tools to "maliciously target" government officials, journalists, business people and activists.

The post said Apple worked on the problem and fixed it in September this year as it released a new iOS update.

(With inputs from Agencies)