Everyone knows what the infamous Pegasus is. But there are more government trojans of this kind. One of them, the Macedonian Predator, has been written up by Google's security team, because someone is using Predator to break into fully updated Android phones.
Predator targeted by Google
Google described the details of three campaigns using Predator. The company confirmed that Predator was used in countries such as Egypt, Armenia, Greece, Madagascar, Serbia, Spain, Ivory Coast and Indonesia. But this is probably not the full customer list of Cytrox, the manufacturer of Predator.
How does Predator work?
Predator takes advantage of vulnerabilities in Android, both those whose details have long been public (but which users haven't patched by installing updates) and unknown ones, the so-called zero-days. Google has admitted that it is watching 30 zero-day exploit authors who sell their exploits to, among others, the makers of government trojans.
The attacks described by Google consisted of sending e-mails containing shortened, one-time-use links. The links directed victims to a suitably crafted page that installed "Alien," the Predator agent, on the victim's smartphone.
A report on Predator was also published by CitizenLab. You can read it here.
Once a device is infected, Predator works much like any other trojan. Although this government trojan's capabilities are not documented and presented as extensively as Pegasus's, you should assume that no file on the device, and nothing that happens in its vicinity, is "confidential" any longer.
Android or iPhone, it doesn't matter
The publicity around Predator will do good for those who, after the wave of media reports on Pegasus, concluded that because there were no Android users among the disclosed victims, that system was "safer" or "not susceptible to surveillance." This is not true.
Exploit developers write exploits, and it doesn't much matter to them which system's or application's code they analyse. In every codebase they will sooner or later find bugs. The question is whether there is demand for exploit code for a given platform (understood as hardware, system and applications together). The more unusual the configuration, the higher the cost of developing such an attack. But does that make an attack less likely? Often these less popular platforms, precisely because of their low popularity, are less mature, also in terms of security...
An extensive list of dozens of different government trojans / exploit frameworks can be found discussed in Episode 46 of the On Eavesdropping podcast.
I have an Android. What should I do?
There is still a far greater risk that a typical citizen will be hit by a run-of-the-mill "SMS from PGE" scam or talked into installing a shady app than that some government agency will target him or her with Predator or Pegasus. So first of all it is worth protecting yourself against mass attacks, and only then trying to protect yourself against zero-days, which are very difficult to detect and fight, although unfortunately that effort is basically doomed to failure.
So first of all, take care of regular updates and think before clicking on links that someone sends you via SMS or e-mail. There is much more advice on how to secure Android; you'll find all of it in our 2-hour training on how to secure your Android smartphone. With the code PREDATOR you can watch the recording of this training for half price, but only if you buy access by 11:59 p.m. Don't worry, you get 30 days of access to the recording, so you will definitely have time to get familiar with the material. Click here to buy access to the recording of this training.
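"Regular updates" only help if the phone actually receives them. The script below is an added example (not from the article, nor a Cytrox or Google tool) showing how to check that from a workstation: it reads the device's security patch level over adb and flags it as stale when it is more than a chosen number of months behind today's date. It assumes a device reachable via `adb` and the standard Android property `ro.build.version.security_patch`, which is formatted `YYYY-MM-DD`; the sample dates in the comments are constructed.

```shell
#!/bin/sh
# Added example: flag an Android device whose security patch level is
# older than a chosen threshold. Assumes adb is installed and a device is
# connected; ro.build.version.security_patch is the standard property
# that holds the patch level as YYYY-MM-DD.

# Whole months elapsed between two YYYY-MM-DD dates (the day is ignored).
months_between() {
    p_y=${1%%-*}; rest=${1#*-}; p_m=${rest%%-*}
    t_y=${2%%-*}; rest=${2#*-}; t_m=${rest%%-*}
    # Strip a leading zero so "08"/"09" are not parsed as invalid octal.
    p_m=${p_m#0}; t_m=${t_m#0}
    echo $(( (t_y - p_y) * 12 + (t_m - p_m) ))
}

# Succeeds (exit 0) when patch level $1 is more than $3 months behind date $2.
patch_is_stale() {
    [ "$(months_between "$1" "$2")" -gt "$3" ]
}

# Query a connected device. Usage: check_device [max_months]  (default 2)
check_device() {
    max=${1:-2}
    # adb may emit CRLF line endings; drop the carriage return.
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    today=$(date +%Y-%m-%d)
    if patch_is_stale "$level" "$today" "$max"; then
        echo "STALE: patch level $level is more than $max months behind $today"
        return 1
    fi
    echo "OK: patch level $level"
}

# Constructed sample values (no device needed):
#   patch_is_stale 2022-01-05 2022-05-20 2   -> stale (4 months behind)
#   patch_is_stale 2022-05-05 2022-05-20 2   -> not stale
```

The threshold is deliberately a parameter: Google ships Android security bulletins monthly, so a level more than two months behind usually means the vendor has stopped, or is slow with, updates, which is exactly the situation in which the "long public" vulnerabilities the article mentions remain exploitable.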