Sanjay Katkar is CTO, Quick Heal Technologies Ltd.
NSO Group’s spyware ‘Pegasus’ has recently been creating global headlines and political controversies. Time and again, the spyware has made it clear that no mobile phone is safe from state-sponsored hackers. As the international spyware trade grows, there will be more companies like NSO offering sophisticated spyware as a service.
This brings us to the most important question: how safe is your privacy in the face of a growing global spyware trade?
The Inside Story of Pegasus 
NSO has developed the Pegasus spyware over years of research. It has invested heavily in this spyware technology, which has grown more sophisticated every year through constant evolution. Its researchers have a thorough understanding of the popular mobile operating systems, Apple iOS and Google Android, as well as of popular apps like WhatsApp and other widely downloaded apps.
But what makes Pegasus interesting? 
Its capability to infect a phone with ‘zero click’, that is, with no user interaction. To achieve this, the spyware needs to exploit a vulnerability in the phone’s operating system or in a popular app. Researchers at NSO have devised multiple infection methods that exploit unpatched vulnerabilities in the OS and in apps. This way Pegasus can infect a phone simply by sending a malicious post or SMS, or sometimes even by placing an app-based call over a vulnerable app. NSO has a growing repository of these vulnerabilities spanning most operating systems and apps. If one vulnerability is patched by the vendor, they switch to another.
Hijacking by Pegasus
NSO sends a series of probes, such as crafted messages, for high-probability vulnerabilities to the targeted phone until one of them succeeds. Once the vulnerability is exploited, it downloads and executes a payload that ‘roots’ the phone (jailbreaks it, in iOS terms). Once privileged, it installs the spyware files deep into the OS, bypassing the OS security. In essence, as long as the victim has unpatched vulnerabilities in the OS or apps, nothing can stop Pegasus from entering the phone and taking full control of it.
Once the spyware has control of the phone, it starts executing further payloads that give it the capability to steal and exfiltrate SMS, call records, emails, photos, videos and documents on the phone and send them to a central server. It can also deploy modules (on remote command) that eavesdrop on phone conversations or enable the phone’s microphone and camera to spy on the user.
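The section above rests on one condition: the phone has to be carrying an unpatched vulnerability. The most basic defender control that follows is knowing how stale each device’s security patch level is. The script below is an added example, not code from the article or from any vendor it mentions. It parses `getprop`-style output (`ro.build.version.security_patch` is a real Android system property); the device inventory, device names and the reference date are constructed for illustration, and the 90-day threshold is an assumed policy value.

```python
"""Patch-currency audit for a small fleet of Android devices (added example)."""
import re
from datetime import date
from typing import Dict, Optional

# Constructed sample: one getprop-style dump per device. Device ids are hypothetical.
SAMPLE_DUMPS: Dict[str, str] = {
    "device-A": "[ro.build.version.release]: [11]\n"
                "[ro.build.version.security_patch]: [2021-07-05]\n",
    "device-B": "[ro.build.version.release]: [9]\n"
                "[ro.build.version.security_patch]: [2020-01-05]\n",
    "device-C": "[ro.build.version.release]: [10]\n",  # patch property missing entirely
}

# Constructed "today" so the example is deterministic.
REFERENCE_DATE = date(2021, 8, 1)

# getprop prints one property per line as "[key]: [value]".
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(dump: str) -> Dict[str, str]:
    """Parse getprop-style lines into a key/value dict; malformed lines are skipped."""
    props: Dict[str, str] = {}
    for line in dump.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def patch_age_days(props: Dict[str, str], today: date) -> Optional[int]:
    """Days since the device's security patch level, or None if it is missing/unparseable."""
    raw = props.get("ro.build.version.security_patch")
    if not raw:
        return None
    try:
        year, month, day = (int(part) for part in raw.split("-"))
        return (today - date(year, month, day)).days
    except ValueError:  # wrong field count, non-numeric parts or an invalid calendar date
        return None


def classify(age: Optional[int], max_age_days: int = 90) -> str:
    """Bucket a patch age into 'current', 'stale' or 'unknown' (assumed 90-day policy)."""
    if age is None:
        return "unknown"
    return "stale" if age > max_age_days else "current"


def audit(dumps: Dict[str, str], today: date, max_age_days: int = 90) -> Dict[str, str]:
    """Run the check over every device dump and return a name -> status map."""
    return {
        name: classify(patch_age_days(parse_getprop(dump), today), max_age_days)
        for name, dump in dumps.items()
    }


if __name__ == "__main__":
    for name, status in audit(SAMPLE_DUMPS, REFERENCE_DATE).items():
        print(f"{name}: {status}")
```

A device that reports no patch level at all is deliberately flagged as “unknown” rather than silently treated as current, since a missing property is itself something an administrator should look at. In a real deployment the dumps would come from a device-management agent rather than a hard-coded dictionary.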
The real issue with Mobile Security Apps
Most of the existing mobile security apps cannot detect a Pegasus attack or its presence. On mobile operating systems like iOS and Android, apps execute in a sandboxed environment with very limited access permissions, just enough for the app to do its job. Every app has to request the appropriate permissions from the user to access a resource or function of the mobile OS. This works well for most apps in the mobile ecosystem, but it gives mobile security apps little flexibility or few rights to perform their duties. Both Android and Apple treat mobile security apps just like any other app available on their respective stores.
With this approach, mobile security has to work within the limits set by the device’s OS, which reduces the ability of mobile security apps to search for, examine or monitor the changes that advanced spyware makes to the device’s OS. If any mobile security app tries to gain the rights needed to detect such advanced spyware, it is treated as a red flag: the OS vendor’s developer program marks the app as violating OS rules and warns the developer that it will be removed from the app store.
How to address it?
To achieve enhanced security, mobile security apps will need to perform multiple checks and scans. This calls for special permissions from the OS. The problem is that there is no provision for mobile security apps to obtain special permissions that would let them perform better scans and detections in the mobile OS and detect advanced malware or spyware that goes deep and blends into the OS (like Pegasus).
What should we learn from Microsoft?
By comparison, on the Windows OS for PCs and laptops, Microsoft has done a wonderful job of collaborating with global security vendors and giving security applications special access and loading permissions. It achieves this by allowing Microsoft-signed security drivers and services special permission to load early with the OS, so that they have a better view of the system and a better ability to protect it, well before malware or spyware takes control. Microsoft has several other programs designed to help security vendors perform better.
Microsoft has faced the challenge of viruses and malware targeting its OS for more than three decades now. Over these years, it has modified its program for tackling this cyber threat challenge. As part of this development, Microsoft now follows a practice of redeveloping its core components from scratch every few years with a new understanding of the evolving cyber threats. Not only has it improved its internal systems, it also has a very mature partner program for security vendors. It involves security vendors early in the OS development cycle to ensure that security software gets proper support to perform its duties.
For instance, the Microsoft Virus Initiative (MVI) program does a good job of engaging all the security vendors early in the OS development, testing and release phases. This gives all the vendors an advantage and confidence, enabling them to detect a malware or spyware infection early in the system, or at least sense that something is going wrong in the case of more advanced, sophisticated malware.
This shortens the gap between a novel infection technique that abuses an unpatched vulnerability and the moment some security vendor notices something suspicious on the system. This approach leaves a smaller window for advanced malware like Pegasus to barge in and infect platforms like Windows.
Summing up
It is critical to understand that the OS vendors’ primary job is to develop the best operating environment that can detect all types of threats on the device. Security vendors, by contrast, are always on their toes looking out for any malicious files, activities or exploits being used in the wild. They have a much better ecosystem for monitoring cyberspace for malicious activity than the OS vendors do.
It is high time that Apple and Google grant security vendors’ apps special permissions and work harder with these players to improve the security of their operating systems. In the coming days, there will be more organizations like NSO that develop such advanced spyware and make it commercially available. The technology will become more accessible, and other malware will follow the path of zero-click infection to hijack mobile devices.
Unless Apple and Google open up and work closely with security vendors, mobile security apps won’t be able to stop advanced spyware infections like Pegasus.
Views expressed above are the author’s own.