Comments

  • Firewalla

    This is a hard one. Quoting Wikipedia:

    "Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the "most sophisticated" smartphone attack ever, and marked the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected"

    Since Pegasus insertion is "jailbreaking", it is not even possible to know that from the network.

    But after Pegasus is installed, it will communicate with its command and control servers. And when it does that, and if those C&C are known (and in our data source), the Firewalla should be able to block it (or alarm, depending on how bad the C&C is).

    And if you are using Firewalla already, the behavioral analysis part may be able to catch something as well; these are the "upload" alarms. This part doesn't need signatures, it is simply looking at behavior.

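Added example, not part of the original comments and not Firewalla's own code: a minimal sketch of the two network-side checks the reply above describes, matching destinations against a known C&C indicator list and raising an "upload" alarm from behavior alone. The domains, flow records and thresholds are constructed for illustration.

```python
from statistics import median

# Constructed indicator list (placeholder domains, not real C&C infrastructure).
KNOWN_C2 = {"c2.example.net", "update-check.example.org"}

# Constructed flow records: (device, destination domain, bytes up, bytes down).
FLOWS = [
    ("phone", "www.example.com", 20_000, 900_000),
    ("phone", "mail.example.com", 35_000, 120_000),
    ("phone", "cdn.example.com", 15_000, 2_000_000),
    ("phone", "beacon.c2.example.net", 4_000, 1_000),
    ("phone", "files.example.io", 48_000_000, 30_000),
    ("laptop", "backup.example.com", 5_000_000, 10_000),
]


def is_known_c2(domain, indicators=KNOWN_C2):
    """True if the domain or any of its parent domains is a listed indicator."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))


def analyze(flows, indicators=KNOWN_C2, factor=10, min_bytes=1_000_000):
    """Return (blocked, upload_alarms) for a sequence of flow records.

    Signature check: the destination matches a known C&C indicator.
    Behavior check: the upload is large, exceeds the download, and is far
    above the device's own median upload so far. No signature is involved.
    """
    blocked, alarms, history = [], [], {}
    for device, domain, up, down in flows:
        if is_known_c2(domain, indicators):
            blocked.append((device, domain))
            continue
        past = history.setdefault(device, [])
        unusual = (len(past) >= 3 and up >= min_bytes
                   and up > down and up > factor * median(past))
        if unusual:
            alarms.append((device, domain, up))
        else:
            past.append(up)  # only normal traffic feeds the baseline
    return blocked, alarms


if __name__ == "__main__":
    blocked, alarms = analyze(FLOWS)
    print("blocked:", blocked)
    print("upload alarms:", alarms)
```

The laptop's single large upload raises no alarm because it has no baseline yet, which is the kind of gap a behavior-only check has on a newly seen device.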
  • Jan Baniewicz

    May I ask you to extend the info?
    If I got Pegasus on my phone and then connect to Wi-Fi behind Firewalla in router mode, will it see if someone is actively connecting to my phone?
    Second question: if someone tries to go from the infested phone to LAN PCs (I don't know how the method works; I guess it first scans the network, then tries to upload code to a machine inside the LAN? Or maybe it's done in a different way?),
    will Firewalla find and block port/network scanning, and will it check with deep packet inspection whether there is any form of intrusion inside packages from the phone?
