A leak in 2021 showed a list of over 50,000 cellphone numbers believed to be targeted by governments around the world. Among these targets were members of the Arab royal family, human rights activists, journalists, and politicians. These highly influential people are just a fraction of what might be one of the most widespread spyware operations in history.
Many of these targets were later proven to have been attacked by a program known as Pegasus. Pegasus is an example of a type of malicious program known as spyware. Spyware aims to gather information about a person or organization without the user’s knowledge.
Where did this Pegasus spyware come from? The NSO Group has become notorious lately for selling its Pegasus spyware to governments around the world. Insiders say that they would charge governments millions to give them the power to spy on their citizens.
NSO Group is just one of many technology firms in Israel that have become their own digital arms dealers. Let’s take a look at the unsettling reality behind government surveillance and the technology companies that make it possible.
What is Pegasus Spyware?
Pegasus refers to certain spyware developed by the Israeli tech company NSO Group.
The company NSO Group was founded in 2010 and has since provided spyware and other types of software to government agencies around the world.
Pegasus is one of their most powerful offerings, capable of infiltrating mobile phones without the user’s knowledge. It was first discovered in August 2016 when human rights defender Ahmed Mansoor received a malicious link in his text messages.
Mansoor sent the link to Citizen Lab, a laboratory in Toronto that specializes in internet security. They found out that the link would have jailbroken Mansoor’s iPhone and installed malicious software. Afterward, further analysis tied the code to the NSO Group’s leaked project Pegasus.
What kind of data can Pegasus get from users?
Pegasus is capable of reading text messages, tracking calls, and collecting passwords. The spyware also exploits vulnerabilities in the phone’s operating system to access the microphone and camera.
Pegasus can even steal information from other applications such as browsing history, emails, calendars, and a user’s contact list.
How does Pegasus Spyware Work?
Pegasus spyware has been found on certain versions of iOS and some Android devices.
The Pegasus spyware has been observed to spread through various methods. Some users fell victim to the spyware after clicking on a URL sent via SMS or iMessage.
Other users contracted the spyware through a “zero-click” attack, or without any user interaction. For a time, Apple’s iMessage service had a vulnerability where even just receiving a message could allow your device to be compromised.
Once a copy of the malicious code is installed on the victim’s device, the spyware runs processes in the background that try to obtain root access to the phone. Obtaining such access means that almost any data stored on your phone can be sent back to a remote server.
But how exactly does Pegasus accomplish a total takeover of your phone?
While experts are still discussing the exact methods used in Pegasus, it’s likely that they rely on zero-day exploits. A zero-day exploit or vulnerability is a software flaw that attackers have discovered before the vendor has become aware of it.
NSO Group most likely hires a team of specialists who try to find these exploits and add them to the Pegasus suite. Since different phones have different vulnerabilities, Pegasus likely uses several exploits to achieve its goal of getting root access to your device.
Amnesty International’s Security Lab has released a report which outlines the forensic traces left on mobile devices after they have been affected by Pegasus. The report shows that the spyware uses applications such as iMessage, Apple Music, and Apple Photos as part of an exploit chain to deploy Pegasus on iOS devices.
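A link sent by SMS or iMessage, as in the 1-click route described above, can remain in the message history, so it is one trace a defender can check for. The following is an added example (not from the original article and not Amnesty's tooling) that compares links in message text against a list of indicator domains; the domains, phone numbers, and messages are constructed placeholders, not real indicators.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators (reserved .example names, not real IoCs).
INDICATOR_DOMAINS = {"bad-redirect.example", "track.sms-news.example"}

# Constructed sample message history: (sender, text).
MESSAGES = [
    ("+10000000001", "Your parcel is waiting: https://bad-redirect.example/a1b2c3"),
    ("+10000000002", "Lunch at 1? Menu: https://cafe.example/menu"),
    ("+10000000003", "Breaking story: http://cdn.Track.SMS-News.example./x?id=9"),
    ("+10000000004", "See https://notbad-redirect.example/ for details"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def hostname(url):
    """Return the lower-cased host without port or trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def matches_indicator(host, indicators=INDICATOR_DOMAINS):
    """True if host equals an indicator domain or is a subdomain of one.

    Matching on the dot boundary avoids flagging look-alike names that
    merely end with the same characters (notbad-redirect.example).
    """
    return any(host == d or host.endswith("." + d) for d in indicators)


def flag_messages(messages, indicators=INDICATOR_DOMAINS):
    """Return (sender, host) for every link that points at an indicator."""
    hits = []
    for sender, text in messages:
        for url in URL_RE.findall(text):
            host = hostname(url)
            if host and matches_indicator(host, indicators):
                hits.append((sender, host))
    return hits


if __name__ == "__main__":
    for sender, host in flag_messages(MESSAGES):
        print(f"review message from {sender}: link to {host}")
```

A match only means the message deserves a closer look; an empty result does not show that a device is clean, since zero-click delivery involves no link at all.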
What countries have used Pegasus?
A joint investigation conducted in July 2021 identified 11 countries as NSO clients including Azerbaijan, Bahrain, Hungary, India, Saudi Arabia, and the United Arab Emirates. At least 180 countries from over 20 countries were the target of NSO spyware between 2016 and June 2021.
This widespread use of government surveillance has made various international organizations critical of Israel’s role in allowing NSO Group to provide such services.
Both Facebook and Apple have initiated suits against NSO Group. Facebook claims that Pegasus was used to intercept WhatsApp communications in India, while Apple has sued NSO Group for targeting their users.
How To Defend Yourself Against Pegasus Spyware
While most targets of the Pegasus spyware are high-profile figures such as politicians and journalists, ordinary citizens could still be at risk.
Here are some ways you can defend yourself against NSO Group’s controversial product.
Reboot your devices often
The Pegasus infection chain relies on zero-day exploits to take control of devices. Rebooting a device daily can increase the chances of detection. Attackers will also be less likely to persist with the infection.
Don’t click on links received via SMS or iMessage
Various Pegasus customers still rely on 1-click exploits to infect devices. The most common variant of this is an infection from clicking on links sent to the victim’s phone number. To prevent infection, you can try to open the link on a desktop computer rather than on your phone.
Use a VPN when browsing the Internet
Pegasus can exploit a man-in-the-middle attack to infect your device. Using a virtual private network or VPN can help mask your traffic from potential attackers.
Keep your phone updated
Google and Apple continually update their software to patch exploits. Users who want to be protected from potential spyware exploits should always update their devices. This helps minimize the number of vulnerabilities an attacker can exploit.
NSO still denies any wrongdoing with their services, which they claim are intended to be used against criminals. Despite this, reports from various organizations prove that non-criminal individuals have been targeted by government clients using Pegasus.
The existence of Pegasus brings up several ethical issues concerning national security and our right to privacy. Should citizens simply accept government surveillance in the name of national security? Should Israel be sanctioned for its support of these technology companies?
Initiatives such as the Pegasus Project hope to find more evidence of malicious activity and push for governments to crack down on these surveillance issues.