Pegasus is spyware developed by the Israeli cyber arms firm NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus can read text messages, track calls, collect passwords, track location, access the target device’s microphone and camera, and harvest information from apps. NSO Group states that it provides “authorized governments with technology that helps them combat terror and crime.”
In July 2021, widespread media coverage, part of the Project Pegasus revelations, along with an in-depth analysis by Amnesty International, uncovered that Pegasus is widely used against high-profile targets like journalists, politicians, government officials, chief executives, and human rights activists.
The Pegasus spyware can infect the phones of victims through a variety of mechanisms. Some approaches may involve an SMS or iMessage that provides a link to a website. If clicked, this link delivers malicious software that compromises the device. Others use the more concerning “zero-click” attack, where vulnerabilities in the handling of an SMS or call allow for infection simply by receiving it, and no user interaction is required. The aim is to seize full control of the mobile device’s operating system.
While the leak of more than 50,000 allegedly monitored phone numbers seems like a lot, it’s unlikely the Pegasus spyware has been used to monitor anyone who isn’t publicly prominent or politically active. However, there are mechanisms to show whether your device has been compromised. The easy way to determine this is to use the Amnesty International Mobile Verification Toolkit (MVT). This tool can run under either Linux or macOS and can examine the files and configuration of your mobile device by analyzing a backup taken from the phone. While the analysis won’t confirm or disprove whether a device is compromised, it detects “indicators of compromise,” which can provide evidence of infection.
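The indicator matching described above can be sketched in Python, as an added example that is not part of the original article and is not MVT's own code. It assumes indicators are supplied as STIX 2 `domain-name` patterns; the bundle, domains and messages are constructed placeholders.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle: placeholder domains, not real indicators.
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[domain-name:value='bad-redirect.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='cdn.tracker.test']"},
    {"type": "malware", "name": "placeholder"},
]})

# Constructed message records, as they might be extracted from a backup.
MESSAGES = [
    {"id": 1, "text": "Lunch at 12? https://maps.example.org/place/42"},
    {"id": 2, "text": "Your parcel: http://x7.bad-redirect.example/t?id=9"},
    {"id": 3, "text": "https://notbad-redirect.example/ HTTPS://CDN.TRACKER.TEST./a"},
]

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")
URL_PATTERN = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

def load_domain_iocs(bundle_json):
    """Return the lower-cased domains named by indicator objects."""
    domains = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") == "indicator":
            match = DOMAIN_PATTERN.search(obj.get("pattern", ""))
            if match:
                domains.add(match.group(1).lower().rstrip("."))
    return domains

def matching_ioc(host, iocs):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def scan_messages(messages, iocs):
    """Return (message id, URL, matched indicator) for every hit."""
    hits = []
    for msg in messages:
        for url in URL_PATTERN.findall(msg["text"]):
            ioc = matching_ioc(urlsplit(url).hostname or "", iocs)
            if ioc:
                hits.append((msg["id"], url, ioc))
    return hits
```

A hit is only an indicator that warrants closer examination, and an empty result does not show a device is clean.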
Unfortunately, there is no current solution for the zero-click attack. There are, however, simple steps that can be taken to minimize potential exposure:
- Only open links from known and trusted contacts and sources when using any device.
- Make sure the phone/device is updated with relevant patches and upgrades.
- Limit physical access to phones by enabling PIN, fingerprint, or face locking on the device.
- Avoid public and free WiFi services, especially when accessing sensitive information.
- Encrypt the phone/device data so that data can remain safe if the phone/device is lost or stolen.