The name ‘Pegasus’ has recently gone viral. There is a good chance that you have already come across it. If you haven’t, this blog post is important for you to read, as your mobile phone may be at risk.
Pegasus is spyware (software made for spying) developed by the Israel-based security company NSO Group Technologies. The name is currently in the news because trusted sources have recently given statements and information about ‘Pegasus’ being used in India. Presumably, it was used by the government of India to spy on some activists, journalists and lawyers through their smartphones during May 2019.
Hence it becomes crucial for us to ask: could this spyware be on any of our phones too?
What is Pegasus?
Pegasus is spyware (software made for spying) developed by the Israel-based security company NSO Group Technologies. As per a detailed report about the spyware, which was uploaded to the cloud by Claudio Guarnieri, Pegasus is meant to infiltrate smartphones without the user noticing its presence and to do three things: collect historic data from the device, continuously monitor user activity, and transmit the collected data to a third party.
Claudio Guarnieri is the Head of Security Lab at Amnesty International. As the report further suggests, the spyware is capable of penetrating not only iOS and Android but also Symbian and BlackBerry devices. The spyware completes the installation silently in the background, without letting the user notice anything.
How may it enter your phone?
The malware generally infects devices via a phishing attack. Device owners receive ordinary-looking text messages that trick them into clicking a particular link included in the message. This happens using the over-the-air update system and more. Once the user clicks the link, the software sneaks in and runs in the background, without the user noticing the activity.
In the case of WhatsApp, the vulnerability was detected while fixing a bug. The malware infected the device through missed video calls. This security gap was plugged by WhatsApp back in May this year. It has been confirmed by WhatsApp’s Global Head, Will Cathcart, in an op-ed in the Washington Post.
Detection of Pegasus
The malware’s iOS version was first detected in 2016, and Google later revealed that it is on Android too. The detection was announced by a security firm, ‘Lookout’, at the Security Analysts Summit, 2017. While the world knows the spyware by the name ‘Pegasus’, Google assigned the name ‘Chrysaor’ to the Android version of Pegasus. All this matters more once we understand that Pegasus doesn’t require the user’s attention to get its hands on the device. This makes Pegasus genuinely dangerous for users and highly popular amongst security contractors.
According to Lookout’s technical analysis of Pegasus and the product details shared by Guarnieri, it is clear that WhatsApp isn’t the only sufferer. The reach of the malware goes far beyond that, deep into our phones.
While highlighting the severity, one of the biggest security firms, ‘Kaspersky’, wrote in a blog: “As for surveillance, let’s be clear: We’re talking total surveillance.”
How does it work?
After completing the installation on the phone, the malware has access to the innermost data and information on your phone including your device’s details, software, user-interface, location, browsing history, files, emails, photos, videos, messages, contacts, calls, social media handles, other messaging apps and everything else. It knows your phone better than you ever did.
Not only this, the spyware uses the smartphone’s microphone to listen to you, your conversations, your calls and the sounds around you. It also uses the phone’s camera to take photos, videos and sometimes screenshots. And all of this happens without you noticing anything.
The spyware can take a photo or record a video or a call and store it to send to the third party, all without you noticing anything. And to add to the mystery, it takes serious precautions before sending data to anyone. It does not transmit data when a smartphone is roaming unless it’s on WiFi. This is meant to avoid being noticed by users through high mobile data usage showing up on bills or in data-monitoring applications on the phone.
As soon as the device connects to a WiFi network, the spyware transmits the data it has collected and stored on your phone in an encrypted buffer. It also avoids transmitting data when the phone’s battery is low, to avoid getting noticed through unusual power consumption. It also never uses more than 5% of space on your phone. For example, if you have 10GB of free space, the malware will use only about 500MB at a time. And if it hasn’t been able to transmit to its servers for a while, it removes data on a first-in, first-out basis.
How to save yourself from Pegasus?
Interestingly, there’s no specific way to avoid a Pegasus attack. Users need to follow the regular best practices to keep malware from infecting their smartphones. Security experts simply suggest that users should avoid downloading suspicious files, clicking on unknown links, etc. These are some of the best methods to fight this smartphone malware.
Also, here are some of the best and most popular surveillance programs other than Pegasus, used by surveillance agencies to spy on mobile phone users.
RCSAndroid: Hacking Team, a Milan-based company, designed an Android surveillance tool which collects data and is generally sold to law enforcement and government agencies. It managed to escape Google’s security scans and was disguised as a news app on the Play Store.
DROPOUTJEEP: The program is highly responsible for breaching and compromising Apple iPhone users. It is the first go-to tool for the US National Security Agency (NSA). It can access files on your device, read SMS texts, voicemail messages and more.
XKeyscore: The malware has been termed “Widest Reaching” by the NSA in its training material. It is a system for gathering intelligence off the Internet. It was one of the programs revealed by whistleblower Edward Snowden.
Livestrong: The US Central Intelligence Agency (CIA) uses this malware to compromise mobile phones running Android 4.4 KitKat. It was revealed by WikiLeaks as part of the famous Vault7 data dump.