Pegasus iOS exploit uses three zero days to attack high-value targets. How to check for it

Apple has rolled out a patch for a dangerous remote iOS exploit that has been used by governments to attack political dissidents, rights activists and journalists.

Researchers Lookout Inc. and the Citizen Lab, based at the Munk School of Global Affairs at the University of Toronto, have dubbed the iOS exploit Pegasus. They describe it as “the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists.”

“The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information,” Lookout and Citizen Lab wrote. “This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.”

Pegasus takes advantage of three iOS zero-day vulnerabilities — called Trident by the researchers — in order to remotely jailbreak a user’s device, install sophisticated malware and allow the attacker access to virtually all of the information on the device.

If you think your device may be infected with Pegasus spyware, be it jailbroken or not, or just want to make sure for your own peace of mind, then you can follow the simple steps below to check whether your iPhone or iPad has this dreaded spyware.

Step 1: First and foremost, you’re going to need to download the free-of-charge Lookout app onto the iOS device in question. Lookout describes itself as the “ONLY all-in-one security app” for your iOS device, so it stands to reason that we’re going to use it to check for Pegasus. You can grab the download from App Store here.

Step 2: Launch the newly installed Lookout app and register for an account. This will require you to run through a simple on-screen tutorial as well as allowing things like access to push notifications and the contacts on the device. Once registered, you can now access the functionality of Lookout app.

Step 3: On non-jailbroken devices: if the “Security” section says “Secure”, it means everything is good. You are not infected with Pegasus. But if on non-jailbroken devices it shows “Warning” or “Caution”, tap on Security to see what is causing it. From Security section, tap on System Advisor next. If you are infected, it will show “Your iPhone has been compromised. Lookout has detected Pegasus threat on your device.” as shown in the screenshot below.

 

On jailbroken devices: Since the device is already jailbroken, the “Security” security will either show “Warning” or “Caution”. Tap on Security, and then on System Advisor, if it just shows “Your iPhone has been jailbroken” message, it means the jailbroken device is fine, and not infected with Pegasus. But if Security > System Advisorshows “Your iPhone has been compromised. Lookout has detected Pegasus threat on your device.” message like in the screenshot above, it means the jailbroken device is infected with Pegasus.

And that is potentially the easiest way to see if a device has been infected with the Pegasus threat. It is worth noting that Lookout app isn’t purely built to detect that infection, and therefore can throw warnings up for other matters as well. It’s probably good advice to listen to whatever recommendation it brings from a security perspective.

 

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s