Pegasus Spyware: Everything You Need to Know

Introduction to Pegasus Spyware

With unprecedented reliance on the internet and our gadgets for business, financial, and personal tasks, more information than ever is constantly available online for hackers to access.

Many of us are aware that cyberattacks have increased exponentially over the past couple of years. Individuals and businesses alike have had critical information and conversations compromised due to hackers relentlessly infecting their devices. 

And currently, what is creating waves is the global collaborative investigation into the Pegasus Spyware. It has been termed “the most sophisticated” smartphone attack ever. Some have even called it the “ultimate spyware.” 

Are you wondering how this spyware is a matter of concern for countries such as the US, UK, France, and Germany, among many others? Keep reading, and we will tell you exactly why! 

The Origins of Pegasus Spyware 

The Pegasus Spyware, a piece of malicious software (aka malware), was created by an Israeli cyber arms firm called the NSO Group to combat terrorism and crime globally.

The name ‘Pegasus’ for this spyware was inspired by the Trojan horse. The name suggests that it can be sent ‘flying’ through the air into various phones. 

Although it has only recently been discovered, the initial usage of the Pegasus Spyware can be traced back to the UAE in 2013.

Since then, it has reportedly affected countries such as Israel, the USA, Mexico, and India, among numerous others. It has affected a total of over 45 countries in the world. 

In the case of India, it was suspected by Facebook as early as 2019 that Pegasus was intercepting some WhatsApp communications. 

In July 2021, the Pegasus Spyware suddenly gained widespread publicity due to an Amnesty International investigative report stating that it is being misused to access people’s personal information without consent.

Essentially, it is as if someone is quietly listening to all your conversations and has been for years. The worst part is that you may never even find out that your phone has been infected by the Pegasus Spyware unless your device is scanned at a digital security lab! 

“The Most Sophisticated Smartphone Attack”

So what makes the Pegasus Spyware so infectious that it has affected numerous citizens not just within one country but in multiple countries, and so effortlessly?

Typically, malware infects a device when the user clicks on a link or opens an email with the malware embedded in it. In other words, there has to be some interaction between the user and the malicious software for the device to get affected.

However, that is not the case with Pegasus Spyware. 

The Pegasus Spyware uses a series of ‘network injections,’ enabling the attackers to install the spyware without requiring any interaction with the target. It can achieve such zero-click infections in other ways too. 

One such over-the-air (OTA) option is to send a ‘push message’ (i.e., messages from an already-installed app on the phone) so that the target device loads the spyware covertly, without the user ever getting to know that their device has been affected. 

Additionally, it has also been observed to use a zero-click iMessage exploit to target iPhones. 

NSO acknowledges that the zero-interaction infection ability of the Pegasus Spyware is what makes it so unique. 

Usually, the Pegasus Spyware only needs the phone number of the target for a network injection, and the rest is done automatically by its system. 

What Information Pegasus Can Access

Once infected with Pegasus Spyware, a device is under the complete control of the attacker. It acts as a device for listening to and tracking the user.

Not only does the Pegasus Spyware give the attacker access to a user’s texts, phone conversations, contacts, and emails, but it also can use the GPS function to track their location. 

Pegasus can also send the attacker the user’s private data such as passwords, calendar events, and even end-to-end encrypted messages (in messaging apps such as WhatsApp). The attacker can use the camera and microphone of the device as well.   

To avoid detection by antivirus software as well as forensic analysis, the Pegasus Spyware sends only scheduled updates to a command and control (C&C) server, i.e., to the attacker.

The spyware can also be removed or deactivated by the attacker if deemed necessary.

How to Protect Your Device 

Now that we have established that this isn’t just some run-of-the-mill malware that we are dealing with, we need to be mindful of using specific strategies to secure our devices. Despite how undefeatable the Pegasus Spyware may seem, one must take measures to avoid infection. 

For the Pegasus Spyware to work, the device it is targeting has to be compatible with its technology. This translates to compatibility with the NSO Group’s technology system, which is the foundation for Pegasus.

Amnesty’s report finds that in the case of iPhones, systems between iOS 7 and iOS 14.6 are particularly vulnerable due to their compatibility with the NSO Group’s technology system. However, if a gadget is not compatible with the NSO system, Pegasus will not be able to affect it.

Another way is to change your default phone browser. Installations from a browser other than the phone’s default browser are not supported by the system. Additionally, Google Chrome installed on an Android phone, in particular, is not supported either. 

Along with its report, Amnesty International also provides a toolkit that users can install to alert them to the presence of Pegasus Spyware.

Known as the Mobile Verification Tool or the MVT, the toolkit scans the backup file of your device for any evidence of compromise. Although it works on both iPhones and Android phones, it is more likely to be accurate for iPhones. 

Amnesty states that this is because more iPhones have been affected by Pegasus, which is why the accuracy of MVT is also higher for iPhones. Regardless, MVT will alert you to any spyware on your device, and the encrypted files can then be removed.
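To show what scanning a backup for evidence of compromise involves, here is a simplified sketch of indicator matching, added as an illustration and not taken from MVT's own code. The STIX2-style indicator bundle, the placeholder domains and the browser-history records are all constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed STIX2-style bundle; the domains are placeholders, not real indicators.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='bad-cdn.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='Updates.Tracker.Example']"},
]})

# Constructed records shaped like browser-history rows read from a backup.
SAMPLE_HISTORY = [
    {"ts": "2021-07-01T10:02:11Z", "url": "https://news.example.org/article?id=7"},
    {"ts": "2021-07-01T10:02:13Z", "url": "https://x9.bad-cdn.example:30495/a1b2"},
    {"ts": "2021-07-02T08:15:40Z", "url": "http://notbad-cdn.example/login"},
    {"ts": "2021-07-03T21:44:05Z", "url": "https://updates.tracker.example./p"},
]

PREFIX, SUFFIX = "[domain-name:value='", "']"

def load_domain_indicators(bundle_json):
    """Return the lower-cased domains named by the bundle's indicator objects."""
    domains = set()
    for obj in json.loads(bundle_json).get("objects", []):
        pattern = obj.get("pattern", "")
        if (obj.get("type") == "indicator"
                and pattern.startswith(PREFIX) and pattern.endswith(SUFFIX)):
            domains.add(pattern[len(PREFIX):-len(SUFFIX)].lower())
    return domains

def matching_indicator(url, domains):
    """Return the indicator equal to the URL's host or to one of its parent domains."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Compare whole labels so 'notbad-cdn.example' does not match 'bad-cdn.example'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def scan_history(records, domains):
    """Return (timestamp, url, indicator) for each record that hits an indicator."""
    checked = ((rec, matching_indicator(rec["url"], domains)) for rec in records)
    return [(rec["ts"], rec["url"], ioc) for rec, ioc in checked if ioc]

if __name__ == "__main__":
    for hit in scan_history(SAMPLE_HISTORY, load_domain_indicators(SAMPLE_BUNDLE)):
        print(*hit)
```

A clean result from a check like this only means none of the known indicators were present in the data examined.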

Do keep in mind that the Pegasus Spyware infects the hardware of a phone. So if you change your device, the spyware will not automatically transfer to the new device.

Conclusion 

Despite these loopholes in the Pegasus Spyware, it can still be injected into any device physically. If an attacker has physical access to a user’s device, it can be infected with Pegasus in less than five minutes. All without your knowledge. 

And as screen time continues to increase, people are at a higher risk than ever before of more such spyware that is quiet, efficient, and all the more dangerous because of these reasons. 

As working professionals in this digital economy, we need to equip ourselves with skills not only to keep information systems safe but also to become more employable. If the prospect of protecting systems inspires you, take a look at the Cyber Security Program delivered and supported by Great Learning.

This step to upskilling with cybersecurity could transform your career as more and more businesses look for cybersecurity experts in the face of increasing threats to information security! 

Maansi Kumar
Maansi is an aspiring researcher and enjoys writing research-focused articles. She attended high school in China and studied Economics & Gender studies in the US. In her free time, you'll find her learning about art history or enjoying independent films. She also enjoys kickboxing, yoga and spending time in nature.