Targeted iOS Spyware: What you need to know to protect your organization from Pegasus and Trident
In 2016, The New York Times, Wall Street Journal, Washington Post and many other media outlets covered Lookout and Citizen Lab's striking find: the most sophisticated, targeted, and persistent mobile attack ever found on iOS. On July 18, 2021, The Washington Post and 16 other media outlets reported that Pegasus was used on countless business executives, human rights activists, journalists, academics and government officials.
The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from voice communications, camera, email, messaging, GPS, passwords, and contact lists.
This discovery is further proof that mobile platforms are fertile ground for gathering sensitive information from target victims, and well-resourced threat actors are regularly exploiting that mobile environment.
Get a quick overview and answers to the most frequently asked questions about the Pegasus spyware and Trident vulnerabilities from the Executive Four-Minute Read document below, ideal for CEOs and business executives.
CISOs, CIOs, and Security Researchers should get a copy of the Technical Analysis of Pegasus Spyware, the most in-depth information available on this unprecedented attack, from the only security company with samples of Pegasus.
Pegasus and Trident: Executive four-minute read
Spend four minutes reading this executive brief for a complete overview of the Pegasus spyware attack on iOS, including answers to the most commonly asked questions, a summary of the media response, and a unique perspective from Lookout.
Read Lookout's investigation into this highly sophisticated espionage software. The attack takes advantage of how essential mobile devices are in our lives, spying on voice communications, camera, email, messaging, GPS, passwords, and contact lists.
Encryption and VPNs alone do not protect you from Pegasus and Trident
Encryption and VPNs are excellent tools that protect sensitive data in most situations. However, Pegasus has kernel-level access to the device. This means the spyware sits in the path of all data and uses “function hooking” to alter the legitimate app itself and intercept the decrypted communications.
First uncovered by Lookout and Citizen Lab in 2016, the highly advanced mobile spyware Pegasus was recently confirmed to have been used on business executives, human rights activists, journalists, academics and government officials.
With just a single tap, the Pegasus attack has the capability to cause catastrophic data loss to a targeted individual or organization, completely compromising all communications from a smartphone. ISOs and CIOs should read this post to learn the top five things to do now.
Device already infected with Pegasus? Updating your OS won’t help
Updating to the latest iOS version will unfortunately not remove or detect Trident if the device is already infected. If an attacker has already infected a device with Trident, updating to iOS 9.3.5, the latest version of iOS, will only protect against future infection. It does not remove the spyware itself or alert enterprises to infections.
MDM solutions don’t deliver sufficient protection against Pegasus
MDMs can only detect known jailbreak techniques. Pegasus used advanced exploits of zero-day vulnerabilities to jailbreak the device. Now that these advanced techniques are publicly known, we have not observed any MDM technology that is currently able to detect them.