{"uuid": "253a7d92-326e-4707-bb9a-c4ac5800e932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-3568", "type": "seen", "source": "https://t.me/technical_private_cat/338", "content": "Good afternoon my Mary Ann \u2763\ufe0f\ud83c\udf80\n\nDo you like tracking? I don't really, so I want to tell you about it \ud83d\ude43\n\nThis post is about attacks from intruders (including secret services) on Teflon and not only to collect surveillance information \ud83d\udcf1\n\nFirst of all, let's talk about different exploits and our favorite Pegasus \ud83c\udfa0\n\nPegasus can infect the phones of victims through various mechanisms like phishing or exploits. For example, these methods can include a message (SMS, iMessage, WhatsApp, email) containing a phishing link.\nWhen this link is clicked, software is transmitted that infects the device.\n\nOthers use a zero-day attack such as CVE-2019-3568. A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution using a specially crafted series of RTCP packets sent to the target phone number. Attackers need only make specially crafted VoIP calls to the victim to infect it.\n\nIn addition to zero-day exploits, Pegasus uses \"site-based attacks.\"\nIn this case, the smartphone owner does not need to click on any links. All he has to do is open his browser and visit an unsecured site. As soon as the person clicks on the link, the malicious program gains access to the device. Or, for example, CVE-2016-4657 was used there.\n\nHowever, this method is more difficult to implement than a malicious URL or \"zero-day\" attack on the phone as it is necessary to track cell phone usage to the point where its Internet traffic becomes unprotected.\nThis is usually done through a mobile operator that governments can access or control. Because of this, it is difficult or impossible to attack people outside their jurisdiction. And zero vulnerabilities have no such limitations.\nIn addition to these mechanisms, there is also a manual option: if an agent manages to gain physical access to the target's phone, spyware can be manually installed.\nIn all approaches, the goal is to gain full control over the mobile device's operating system, either by rooting (on Android devices) or by jailbreaking (for Apple iOS devices).\n\nAfter unlocking the device, an intruder can install additional software to provide remote access to the device's data and functions.\nEarly versions of Pegasus were installed on smartphones via vulnerabilities in commonly used applications or by spear-phishing, which involves tricking the target user into clicking on a link or opening a document, which secretly installs the program.\nAnother method was to send a message to the user's phone without notifying him.\n\nNow let me tell you what Pegasus does once it gets on the device. \ud83d\udcf2\n\nOnce installed, Pegasus can collect any data from the device and transmit it to the attacker.\nPegasus can run any code on the device, use the device's camera and microphone, giving remote commands in real time, retrieve contacts, call and web search logs, web browsing history, text messages, photos, videos, settings, location records, and information from apps like iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, Skype, and others. Pegasus also tracks keystrokes on the infected device, all written messages, including passwords.\n#intelligence_services #virus #social_engineering #protection #malware #android #browsers #decentralizatio #mobile #anonymity #spying #cve #exploit", "creation_timestamp": "2022-11-27T20:27:16.000000Z"}