A number of prominent news websites including The Guardian and The Washington Post published key details revealing the nature of what they are calling ‘global surveillance operations’ using Pegasus. The reports say that over 10 governments are involved in surveillance of people with the use of the Pegasus spyware.
Deemed to be the most powerful spyware to have been around by many, Pegasus is making news again as it often has since 2016. It is easy to get this malware into a device, without the user taking notice. Once it is in, it is capable of “total surveillance” in the words of Kaspersky researchers.
What is Pegasus?
Created by an Israeli cyber intelligence firm, NSO Group, this malicious software, classified as spyware, is designed to get on one’s phone with them being none the wiser. It then would gather personal information and relay it back to whoever it is that is using the software. It can access all messaging apps like WhatsApp, even the encrypted data is susceptible as Pegasus steals all outgoing messages before they were encrypted and all incoming data, post decryption. It can harvest photos, videos, and record calls. It is capable of activating both the camera and the microphone and can secretly film or record conversations.
It can potentially pinpoint where you are, where you’ve been, and who you’ve met.
However, the NSO Group had claimed that their motive was only to ‘develop best-in-class technology to help government agencies detect and prevent terrorism and crime’.
How is it inflicted?
Pegasus infections can be made successful through what are called “zero-click” attacks. They do not require any interaction from the phone’s owner.
These will usually exploit “zero-day” vulnerabilities in operating systems, which are flaws or bugs that even the mobile phone’s manufacturer is in the dark about still, and thus, has been unable to fix.
Generally, this happens through the use of malicious web links. However, the spyware is so secretive that it can be installed with only a missed call, too. Once infiltrated, it even deletes the call log entry, so that there is no trace on the gadget whatsoever.
At the same time, Pegasus is a smart spyware. It takes every measure to avoid detection while it was spying on a user. Again, the Kaspersky researchers wrote:
“Another interesting fact about Pegasus is that it tries to hide itself really diligently. The malware self-destructs if it is not able to communicate with its command-and-control (C&C) server for more than 60 days, or if it detects that it was installed on the wrong device with the wrong SIM card (remember, this is targeted spying; NSO’s clients weren’t going after random victims).”
That considered, an average phone user need not worry about the classic Pegasus. If you are using the latest software versions — iOS 14 or Android 11 — and the latest versions of apps like Facebook and WhatsApp, you should be in the clear as any security concerns have come to light and been patched up.
Additionally, the Pegasus is an extremely expensive malware and according to the NSO Group, is sold only to government agencies for ‘targeted surveillance’. So, unless you have reason to believe that a powerful organisation like the government would want you under the radar, you are safe from tools like Pegasus.
It is worthy of mention; no device is hackproof, new loopholes in security systems are discovered often and it is best to take precautions when online.