Pegasus Digital Spyware: Everything You Need to Know

Khan Muhammad Al Amin
Jun 19, 2023


In recent years, the spyware application Pegasus has become a hot topic in the tech world. It is malware designed to extract data (calls, records, texts, photos, location) from smartphones. It has been used to spy on many prominent politicians, journalists and human rights activists, and it has become a threat to personal privacy. Everyone who uses a smartphone should know about this spyware for their own privacy and safety.

What is Pegasus?

Pegasus is spyware for spying on someone through digital devices, especially smartphones. It is effective on both the iOS and Android operating systems. It is named after the flying horse from Greek mythology: it is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones. So far, this spyware is capable of extracting browsing history, reading text messages, and tracking calls and location. It is considered the most sophisticated smartphone spyware ever made. Before going into the details, let’s look back at its history.

The Beginning

Pegasus spyware was invented by the Israeli tech start-up NSO Group in 2010. According to various sources, Pegasus was first used by the Mexican government to detect the location of Mexican drug lord Joaquin Guzman in 2011. But it came to media attention after a failed installation attempt on a United Arab Emirates human rights activist’s iPhone in 2016. Later on, it was also used by the governments of Arab countries and India to steal data from prominent journalists, human rights activists and opposition politicians. It has even been reported that the Indian government tried to spy on Pakistani prime minister Imran Khan using Pegasus. Though NSO Group has stated several times that it made this software only for governments to detect criminals and extremists, the governments of several countries have used it to spy on journalists and political opponents, which clearly violates human rights.

How Does It Work?

Communication applications and software such as Google, WhatsApp and Yahoo usually use end-to-end encryption, which scrambles the data at the sender and unscrambles it at the receiver, ensuring that no one in between can interpret the data. But Pegasus is designed in such a way that it can disable end-to-end encryption technologies and intercept in between to extract data. Pegasus uses “Command and Control” technology, popularly known as C&C, to exploit the targeted smartphone. There are at least four C&C infrastructures, with 500 unique domain names for each of them. Moreover, they use three subdomains for each exploitation attempt, which makes it impossible for a usual virus scanner to detect the presence of this spyware.

How does it infect your phone?

In earlier days, Pegasus usually sent a message, known as an Enhanced Social Engineering Message, to the targeted smartphone through social media apps like WhatsApp or Messenger. When the user clicked the link in the message, the link automatically redirected the phone to install the Pegasus spyware. But nowadays Pegasus is so powerful that it can be installed by zero-click exploitation, which means the targeted smartphone user doesn’t need to click any link to install Pegasus. It can be installed by sending a message with no notification, or by a missed call on WhatsApp that is automatically deleted from the notifications. Such advanced techniques make it almost impossible for victims to notice any sign of installation. However, to protect the private data of individuals and organizations, we need to find a solution.

Is Your Device Vulnerable to Pegasus Spyware?

Pegasus primarily targeted iPhones through iMessage, Apple’s default messaging application. But in 2017 Google confirmed that Android devices are also vulnerable to the Pegasus spyware. In 2020, Apple updated its security system in iOS 14 to protect devices from Pegasus. But Pegasus is still improving and updating its software every day. So it doesn’t matter which version or which operating system you are using; your device can be infected at any time by Pegasus spyware.

How Does Pegasus Steal Data?

Pegasus spyware is usually installed in two ways: spear-phishing and zero-click. Spear-phishing installs it when the user clicks a link, and zero-click works without any click or other intervention from the user. In both cases, Pegasus looks for bugs or vulnerabilities in the Android or iOS system and uses them as its way in to extract information. It examines the targeted device. Then it installs the modules that are needed to carry out surveillance.

What Can Pegasus Steal?

Pegasus is designed to steal data from the phone of the targeted individual. It can monitor all of your communication tools, such as your phone calls, text messages, emails, call history, browsing history and so on. It can track your location and calls. It can also turn your phone into a device that spies on you through its camera and microphone.

Privacy, Security and Ethics

Privacy is a universal human right. Every individual deserves to keep private information such as call history, browsing history and hundreds of other personal matters out of government surveillance. So using spyware like Pegasus to extract someone’s personal information is undoubtedly unethical. Moreover, authoritarian governments are using this technology to suppress their political opposition. And as this tool is being used to spy on several heads of government, it is a threat to national security. So should Pegasus be stopped? In the world of technology, you can’t stop anything. Moreover, Pegasus can be a good technology against terrorists, extremists and drug lords. So governments that buy Pegasus have to ensure that it will be used only against criminals and not against innocent people or political rivals.

Who Is at Risk from Pegasus?

Pegasus is really expensive. It costs a hundred thousand dollars to install on a single device. So it doesn’t infect random devices; it only infects specifically targeted devices. So if you are not a high-profile person in conflict with a government, you are unlikely to be a victim of Pegasus. So far, powerful politicians (including the prime minister of Pakistan and the President of France), businessmen, influential journalists and human rights activists have been victims of Pegasus.

Symptoms of Pegasus Infection

Pegasus spyware is designed in such a way that it is almost impossible for victims to tell whether their phone is infected by Pegasus or not. Though there is no definitive sign of a Pegasus infection, you can check for one with Amnesty International’s Mobile Verification Toolkit. While the analysis won’t confirm or disprove whether a device is compromised, it detects indicators of compromise which can provide evidence of infection. Some tech experts suggest checking whether your phone’s charge is decreasing faster than usual. As this type of spyware consumes power, a battery that drains faster than usual may be a sign of Pegasus infection.
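The subdomain rotation described under “How Does It Work?” is why an indicator-of-compromise check has to match on parent domains rather than on exact hostnames. The Python example below is added here for illustration and is not code from the Mobile Verification Toolkit or from the original article; the indicator list, the record layout and every domain in it are constructed.

```python
from urllib.parse import urlsplit

# Constructed indicator list (reserved .example names, not real Pegasus IOCs).
IOC_DOMAINS = {"cdn-update.example", "free-gift.example"}

# Constructed records, shaped like rows pulled from browser history and SMS.
RECORDS = [
    ("safari_history", "https://a1b2.x9.k3.cdn-update.example:30495/d8fj2"),
    ("sms", "Your parcel is waiting: http://Free-Gift.example./claim?id=7"),
    ("safari_history", "https://notcdn-update.example/login"),
    ("safari_history", "https://news.example/article/42"),
]

def extract_hosts(text):
    """Return lower-cased hostnames for every http(s) URL found in text."""
    hosts = []
    for token in text.split():
        if token.lower().startswith(("http://", "https://")):
            host = urlsplit(token).hostname  # drops port, userinfo and path
            if host:
                hosts.append(host.rstrip(".").lower())
    return hosts

def match_ioc(host, iocs=IOC_DOMAINS):
    """Return the indicator that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    # Walk the suffixes label by label so "notcdn-update.example" cannot match
    # "cdn-update.example" the way a plain substring or endswith test would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def scan(records, iocs=IOC_DOMAINS):
    """Return (source, host, indicator) for each record that hits the list."""
    hits = []
    for source, text in records:
        for host in extract_hosts(text):
            indicator = match_ioc(host, iocs)
            if indicator:
                hits.append((source, host, indicator))
    return hits

if __name__ == "__main__":
    for hit in scan(RECORDS):
        print(hit)
```

A hit here is only an indicator worth investigating further, in line with the point above that such analysis does not by itself confirm or disprove a compromise.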

How to Prevent Your Phones from Pegasus Infection

As Pegasus uses zero-click installation technology, it is almost impossible to protect your device from its attack. But you can still take some precautions to be safer from Pegasus. First of all, do not open any link from unknown or untrusted sources. Secondly, do not download any apps from unofficial sources. If you are an Android user, make sure you only download apps from the Google Play Store. Cyber criminals usually use various sources to find a bug in your operating system and install spying software, so don’t give them that chance by downloading apps from unofficial sources. Thirdly, never forget to update your phone to the latest version of your operating system. Operating system providers like Google and Apple always try to fix their bugs and upgrade their versions, so updating your phone to the latest version of the operating system will keep you safer. Last but not least, try to avoid using public Wi-Fi in restaurants or hotels. In an emergency, use a VPN when sharing sensitive data in such situations.

What to Do If You are Already Infected

If you are already infected, turn off your phone immediately. As Pegasus operates by using your smartphone’s hardware, turning off your phone will disable its operation. Try to use another phone. Then inform your law enforcement agency and file a general diary. Take advice from a trusted IT expert to identify the damage and recover from it.
