    This is a hard one. Quoting Wikipedia

    "Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the 'most sophisticated' smartphone attack ever, and marked the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected."

    Since Pegasus insertion is "jailbreaking", it is not even possible to know that from the network.

    But after Pegasus is installed, it will communicate with its command and control servers. And when it does that, and if those C&C are known (and in our data source), the Firewalla should be able to block it (or alarm, depending on how bad the C&C is).

    And if you are using Firewalla already, the behavioral analysis part may be able to catch something as well; these are the "upload" alarms. This part doesn't need signatures, it is simply looking at behavior.

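The comment above describes two independent ways a gateway can notice an already-installed implant: matching outbound destinations against known C&C indicators, and flagging a device whose upload volume departs sharply from its own baseline. The following is an added illustration of both checks over constructed flow records; it is not Firewalla's code and not the commenter's, the indicator domains are placeholders rather than real Pegasus IoCs, and the flow records, byte counts and baseline history are all made up for the example.

```python
"""Two complementary post-infection checks on outbound flow records.

1. reputation_check: destination is on a known C&C list -> block or alarm.
2. upload_anomalies: a device's upload volume is far above its own
   baseline -> signature-free "upload" style alarm.

All indicators, flows and baselines below are constructed for this
example; they are not real Pegasus indicators or real Firewalla data.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Flow:
    device: str     # local device name
    dst: str        # destination host the device connected to
    bytes_out: int  # bytes uploaded in this flow
    bytes_in: int   # bytes downloaded in this flow

# Constructed indicator list (placeholder names, not real IoCs),
# mapping destination -> severity action.
KNOWN_C2 = {
    "c2-example.invalid": "block",
    "beacon-example.test": "alarm",
}

def reputation_check(flow):
    """Return 'block', 'alarm' or None for one flow's destination."""
    return KNOWN_C2.get(flow.dst)

def classify_flows(flows):
    """List (device, dst, action) for every flow touching a known C&C."""
    hits = []
    for f in flows:
        action = reputation_check(f)
        if action:
            hits.append((f.device, f.dst, action))
    return hits

def aggregate_upload(flows):
    """Sum bytes_out per device for the observation window."""
    totals = {}
    for f in flows:
        totals[f.device] = totals.get(f.device, 0) + f.bytes_out
    return totals

def upload_anomalies(history, current, z=3.0, min_bytes=5_000_000, min_days=3):
    """Behavioural check needing no signature.

    history: {device: [past daily upload bytes]}
    current: {device: upload bytes in the current window}
    A device is flagged when today's upload exceeds mean + z * stdev of its
    own history AND an absolute floor (min_bytes), so tiny baselines do
    not trip on a few kilobytes. Devices with too little history are skipped.
    """
    alarms = {}
    for dev, today in current.items():
        base = history.get(dev, [])
        if len(base) < min_days:
            continue  # not enough baseline to judge
        mu, sd = mean(base), pstdev(base)
        threshold = mu + z * sd
        if today > threshold and today >= min_bytes:
            alarms[dev] = {
                "today": today,
                "baseline_mean": mu,
                "threshold": threshold,
                "ratio": round(today / mu, 1) if mu else None,
            }
    return alarms

# Constructed sample window: one phone quietly uploading a large volume to
# a listed destination, a laptop doing its usual backups, a TV beaconing.
SAMPLE_FLOWS = [
    Flow("phone", "cdn.example.net", 3_000_000, 50_000_000),
    Flow("phone", "c2-example.invalid", 900_000_000, 20_000),
    Flow("laptop", "mail.example.net", 2_050_000_000, 300_000_000),
    Flow("tv", "beacon-example.test", 5_000, 5_000),
]

# Constructed per-device daily upload history (bytes).
HISTORY = {
    "phone": [40_000_000, 55_000_000, 38_000_000, 60_000_000, 45_000_000],
    "laptop": [2_000_000_000, 2_100_000_000, 1_900_000_000],
    "tv": [4_000, 6_000],  # too short a history to baseline
}

if __name__ == "__main__":
    for hit in classify_flows(SAMPLE_FLOWS):
        print("reputation:", hit)
    for dev, info in upload_anomalies(HISTORY, aggregate_upload(SAMPLE_FLOWS)).items():
        print("upload alarm:", dev, info)
```

The reputation path only fires when the destination is already in the indicator set, which is exactly the limitation the comment points out; the behavioural path catches the phone purely because 903 MB in one window is roughly nineteen times its own baseline, and it would do so even if the destination were unknown.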