Pegasus Snooping


What is Pegasus?

Built by an Israeli company, NSO, Pegasus is spyware that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. It can snoop on the device without the user's knowledge. On the strength of this capability, its creators market Pegasus to law enforcement and intelligence agencies around the world as the top cyber intelligence solution for extracting data from virtually any mobile device.

How does it do it?

Pegasus can infect any mobile device connected to the internet. Earlier versions of the spyware required the user to click on a malicious link, but newer versions have added zero-click attacks: injections that succeed without any interaction from the phone’s owner. Pegasus can achieve such zero-click installations in various ways. One over-the-air (OTA) option is to covertly send a push message that makes the target device load the spyware, with the target unaware of the installation.

Once infected, a phone becomes a digital spy under the attacker’s complete control. Upon installation, Pegasus contacts the attacker’s command and control (C&C) servers to receive and execute instructions and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls (even those via end-to-end-encrypted messaging apps). The attacker can even control the phone’s camera and microphone, and use the GPS function to track a target.

Who all are targeted?

Several national leaders around the world, including prime ministers and presidents, have reportedly been probable targets, among others. In India, hundreds of people have been targeted. The list includes Cabinet ministers, opposition leaders, top lawyers, businessmen, activists, and journalists.

How can you protect yourself?

The best way to protect yourself is to keep the device updated with the latest security patch offered by the manufacturer. iPhone users can change their default phone browser: according to a Pegasus brochure, “installation from browsers other than the device default (and also chrome for android based devices) is not supported by the system”. Using an old feature phone instead of a smartphone could also be a better idea. A feature phone is simply a communication device on which you can talk or send messages, so snooping becomes limited.

The spyware is named after the mythical winged horse Pegasus – it is a Trojan horse that can be sent “flying through the air” to infect phones.

Can Pegasus infect all devices?

Though all devices can be affected by the spyware, iPhones have been widely targeted through Apple’s default iMessage app and the Push Notification Service. For a network injection, the attacker needs to feed the Pegasus system just the target phone number. The rest is done automatically by the system, and the spyware is installed in most cases.

In some cases, though, network injections may not work. For example, the remote installation fails when the target device is not supported by the NSO system, or its operating system is upgraded with new security protections.
