Pegasus: what it is and how to defend against spyware

The source of much controversy over the past few years, Pegasus software has recently returned to the news. Developed by the Israeli company NSO Group, the program is used by governments to fight criminals, but it has also become a potent weapon of political espionage.

According to a major report released on Sunday (18), the program has been misused by authoritarian governments since 2016. The tool was reportedly used to spy on about 50,000 phones, including devices from journalists, activists and other figures of interest, including presidents.

In a post on its website, the NSO Group defended itself against the allegations and said the information was incorrect and “far from reality”. According to the company, an extensive background check is carried out before the spy software is released for use, and the software is officially used for security purposes, such as dismantling drug and human trafficking schemes.

“Our verification process goes beyond legal and regulatory requirements to ensure legal use of our technology as designed,” says the company’s website. TechWorld contacted the NSO seeking further clarification and is awaiting a response.

How does Pegasus work?

Pegasus is nothing new and has been causing controversy since 2016, when the first reports of using the software for spying began to emerge. According to the NSO, the program is used by 60 agencies globally — a list with the names of the institutions was not released.

Classified as spyware, the solution is designed to silently infiltrate a device and collect data without drawing attention. Even though its official purpose is security, cases of “deviation of function” involving Pegasus are commonplace. The program has been involved in scandals in more than 40 countries, including Brazil.

The virus can be used to collect virtually any cell phone information. Source: Amnesty

The software works as a robust espionage weapon, ensuring full access to the contents of the infected device. After entering the victim’s cell phone, the program can intercept messages and calls in real time, in addition to allowing sensors such as camera and microphone to be remotely enabled.

Pegasus can also be used to monitor the victim’s location via the cell phone’s GPS and even map the touches on the device’s screen. The program is so invasive that even end-to-end encrypted applications like WhatsApp are vulnerable to eavesdropping.

How does Pegasus infect devices?

In addition to having a powerful suite of spy tools, Pegasus can also infect a cell phone easily and without leaving a trace. The program affects both Android and iOS smartphones — investigations indicate that even the latest system versions of iPhones are not immune to the virus.

The spy virus usually infects the device with a simple text message and a link. Thus, just one user click on the suspicious URL can be enough to compromise the entire device. With the victim’s phone number and physical proximity, the software can also be installed remotely using network transmission.

Pegasus interface: after installing Pegasus, mobile activities can be monitored remotely. Source: Amnesty

The spyware also operates silently and can go unnoticed by even the most experienced users. To verify the presence of the program on infected journalists’ devices, Amnesty Security Lab specialists developed their own software to find traces of Pegasus, and not even this dedicated tool is 100% effective at detecting the program.

However, getting this kind of access is not easy. As Kaspersky explains, Pegasus usually manages to infiltrate operating systems using zero-day flaws, which are vulnerabilities not yet fixed or discovered by companies like Apple and Google.

“These are vulnerabilities that the developer is not aware of and for which a fix has not yet been released, but which can be exploited by cybercriminals to implement a variety of types of attacks, including attacks targeted at specific organizations or people,” explains Dmitry Galov, Kaspersky security researcher.

Should I be concerned?

Although frightening, the software developed by the NSO Group is also a sophisticated and expensive program, which makes use of the spyware very restricted. “It’s unlikely that ordinary users will find it on their devices,” says the Kaspersky researcher.

Pegasus. Source: Amnesty/Howie Shia

According to information released this Sunday (18), the list of 50,000 people of interest who may be being spied on includes lawyers, journalists, human rights activists and politicians. With that in mind, unless you’re part of an “at-risk group,” you might not have anything to worry about, at least for the time being.

Experts like Edward Snowden fear that the growth of cases like this will lead to more frequent use of spy software, even against ordinary people. At the moment, however, traces of Pegasus have only been found on devices belonging to “targets of interest”.

How to protect yourself?

Due to Pegasus’ high level of complexity, protecting yourself against the malware is a daunting task. One of the ways to (try to) stay safe is to use your cell phone with caution and avoid links and attachments that are suspicious or come from unknown sources.

Using strong passwords and two-step verification can also ensure that your accounts will not be compromised in the event of eavesdropping. In addition, Kaspersky recommends that users report security flaws and bugs so that companies can shield their systems and avoid possible security breaches.

“The best way to stay protected from tools like this is to provide as much information as possible about these cases to software and security vendors,” explains the Kaspersky representative. “Software developers will fix vulnerabilities exploited by attackers and security vendors will take steps to detect and protect users from them.”
