Adversaries may communicate with compromised devices using out-of-band data streams. This could be done for a variety of reasons, including evading network traffic monitoring, as a backup method of command and control, or for data exfiltration if the device is not connected to any Internet-providing networks (i.e. cellular or Wi-Fi). Several out-of-band data streams exist, such as SMS messages, NFC, and Bluetooth.
On Android, applications can read push notifications to capture content from SMS messages or other out-of-band data streams. This requires that the user manually grant notification access to the application via the settings menu. However, the application could launch an Intent that takes the user directly to that settings screen.
On iOS, there is no way to programmatically read push notifications.
|S0316||Pegasus for Android|
|S0289||Pegasus for iOS|
Users should be instructed to not grant applications unexpected or unnecessary permissions.
|ID||Data Source||Data Component||Detects|
|DS0042||User Interface||System Notifications||If the user sees a notification with text they do not recognize, they should review their list of installed applications.|
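
To support the review of installed applications on Android, the following added example (not part of the original page) parses the value of the secure setting `enabled_notification_listeners`, which lists the components that currently hold notification access, and flags any package missing from an allowlist. The sample value, the package names and the allowlist are constructed for illustration; on a device under review the value can be read with `adb shell settings get secure enabled_notification_listeners`.

```python
# Added example: audit which apps hold Android notification access.
# Input is the colon-separated list of flattened ComponentNames stored in
# the secure setting "enabled_notification_listeners".

def parse_listeners(raw):
    """Return sorted unique (package, class) pairs from the setting value."""
    found = set()
    for entry in (raw or "").strip().split(":"):
        entry = entry.strip()
        if not entry or entry == "null":   # an unset setting is printed as "null"
            continue
        pkg, sep, cls = entry.partition("/")
        if not sep or not pkg or not cls:
            continue                        # not a flattened ComponentName
        if cls.startswith("."):             # short form: class relative to package
            cls = pkg + cls
        found.add((pkg, cls))
    return sorted(found)


def unexpected_listeners(raw, allowed_packages):
    """Listeners whose package is not on the reviewer's allowlist."""
    return [(p, c) for p, c in parse_listeners(raw) if p not in allowed_packages]


# Constructed sample value; the package names are made up for illustration.
SAMPLE = (
    "com.example.launcher/com.example.launcher.NotifBadgeService:"
    "com.example.wearsync/.SyncListener:"
    "org.example.flashlight/org.example.flashlight.core.EventRelay"
)
# Hypothetical allowlist that an administrator would maintain.
ALLOWED = {"com.example.launcher", "com.example.wearsync"}

if __name__ == "__main__":
    for pkg, cls in unexpected_listeners(SAMPLE, ALLOWED):
        print(f"review: {pkg} holds notification access via {cls}")
```

Any package reported here has been granted notification access and can therefore read notification content, so it is a candidate for the review described above.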