1 comment

[ 3.2 ms ] story [ 15.9 ms ] thread
>The vulnerability purportedly affects the iPhone and Apple’s iCloud as well as Google Android phones, and even third-party apps installed on the phone that communicate over “encrypted and secure” connections.

The spyware is sold by NSO Group is supposedly only sold to governments to assist with crime investigations, but there are fears that the Pegasus spyware is also used by countries to help enforce authoritarian and dictatorship leadership.

The new version of the Pegasus software is supposedly able to capture and clone the authentication tokens used for services like iCloud. Then, it can essentially construct a man-in-the-middle attack to pretend to be the target user’s device, and download whatever data it pleases from the origin server by making requests that seem to be coming from the origin phone.