A consortium of media organisations including The Washington Post and The Guardian broke the news about spyware Pegasus. Developed by the Israeli cyber arms firm NSO Group, Pegasus can be covertly installed on mobiles and other personal devices. As per the latest revelations, this software can exploit all recent iOS versions too.
Pegasus can record your calls, copy your messages, see your emails, listen to your talks via a microphone in your phone, and secretly film you; a great threat to privacy and a potential infringement of human rights. Its usage has been discovered in planning murders such as that of journalist Jamal Khashoggi.
While a single individual can’t stop the attacks, awareness is a tool that can help us combat the problem.
Who can be Infected?
Pegasus has been used to spy on opposition leaders, activists, journalists, academicians, and more. In its report, the consortium at least 10 governments are believed to be NSO customers — Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE)
Pegasus has been used to target people with sensitive information like Presidents, diplomats, or journalists.
Speaking about Pegasus and its threat, Nandakishore Harikumar, Founder & CEO, Technisanctsaid, “Pegasus is just the name of spyware made by NSO. Deploying these Spywares makes them more complicated. Like it can be remotely deployed, but in some cases target needs to go through some actions like clicking a message, opening an iMessage in case of an iPhone, attending a call etc. But always, the attacker would be trying to find a One-click exploit or Zero click exploit. In case of a one-click exploit, victims need only to click a link, and the attacker gains access to the device, and hence malware is deployed. In the case of Zero click, the attacker exploits the device’s vulnerabilities and deploys it. In the latest scenario, we will have to assume that a mixture of all these was used. Apple devices were said to be secure, but the latest Pegasus Spyware package was even used to successfully attack devices updated to the last version OS 14.6.”
Almost all devices can be affected by Pegasus. Earlier this year, ZecOps claimed that iPhones and iMacs have a software vulnerability that makes them a soft target for unassisted attacks, especially with its mail app. These vulnerabilities have existed since iOS-6 (released in September 2012). From iOS 13, this became a zero-click attack vulnerability, i.e. you can become a target of Pegasus without clicking on any link in any message or email. The hacker will have remote code execution capabilities and enable the attacker to remotely infect a device by sending emails that consume some memory.
It doesn’t require a very large space; an email with sufficient regular emails that consumes enough RAM is adequate.
Androids are also hacked similarly through emails or a wireless trans receiver located in the radio range of the target. Finally, if all fails, it can be installed if someone steals the phone and installs it remotely.
Is my device infected?
Pegasus’s key feature is its anti-forensic and self destruct features; therefore, analysing a phone for any infection is an arduous task. It helps in establishing if the phone is currently infected and phoning home. Any forensic procedure can set off the self-destruct capabilities of the software.
Pegasus only inhabits the temporary memory of the device instead of the hard drive, which means that every trace of the spyware is wiped down when the device is switched off.
Individuals can check if they have been infected with the help of a toolkit designed by Amnesty International with Citizen Lab, University of Toronto. The Mobile Verification Toolkit(MVT) works on both Android and iPhones.
When installed, it takes the entire iPhone backup and feeds it into a program that scans it for any indicator of compromise known to be used by NSO or exists in its infrastructure. It adopts a similar approach in Android phones by checking all backup messages and links associated with NSO. In addition, it scans all malicious apps installed on the device.
To install the toolkit, a person requires some basic knowledge to navigate the terminal and get working in about 10 minutes. After that, it is like a cat and mouse game. Amnesty determined that it was easier to find traces of an attack on an iPhone than on Android.
What to do if my phone is infected?
If your phone is infected or you strongly suspect that it has been infected, the best thing to do would be to replace your device. However, before replacing the device, you could do a couple of things:
- De-link all your accounts: Pegasus steals all information from your phone. You should immediately de-link all online cloud accounts even after your device is no longer infected to protect your privacy.
- Change your passwords: If your phone was hacked the hacker has had access to your passwords, immediately change them. You can also use a password manager and enable two-factor authentication for login.
- Enhance your online safety: Investing in online security always pays back. You should always ensure that your device is protected from ordinary spyware online.