Pegasus spyware can be covertly installed on your phone by exploiting vulnerabilities in apps and tools, thus using your own phone to spy on you. It has turned into a global focal point as a tool that undermines democratic rights of individuals. Here is an explainer on what the spyware is all about.
WHAT IS PEGASUS SPYWARE?
Pegasus is a spyware that can be installed on mobile phones without the user even getting to know about it
It can target Apple iOS and Android devices, and is even able to infect the latest iOS versions, including the iOS 14.6
The spyware can use your phone camera, and even copy/send messages
WHAT CAN THE SPYWARE DO?
It can monitor all communications from your phone, including emails, text messages, and even the web searches you have done
It can help track the user through location identification and can track your calls too
Your phone will be used to spy on you, because the phone’s camera and microphone are used for surveillance
HOW DOES THE SPYWARE INFECT iPHONES?
It impersonates applications downloaded on an iPhone
Then it is transmitted through push notifications using the Apple servers
The spyware can infect your phone by exploiting the photo app, the Apple Music app, or a zero-click iMessage
iMessage is an Apple Inc-developed instant messaging service launched in 2011 to work on Apple platforms like iPadOS, macOS, iOS and watchOS
WHO DEVELOPED PEGASUS?
Israeli firm NSO group
The company is also known as Q Cyber Technologies. The use of Pegasus had been justified by the developers for targetting terrorist organisations and criminals, but it has also found favour among authoritarian leaders to spy on opponents as well as journalists
Human rights group Amnesty International helped reveal this month that the spyware was being exploited for misuse to target political opponents, critiques and journalists in violation of democratic principles
HOW CAN YOU KNOW YOUR PHONE HAS MALWARE?
It runs slower than usual
Noticeable performance drop
You notice apps crashing while using them
WHAT CAN DETECT PEGASUS?
A tool called Mobile Verification Toolkit (MVT) can detect Pegasus. It can help you know if Pegasus has installed itself on your phone
The advantage is that this tool can work on iOS and Android devices, but due to more pronounced forensic traces it is easier to do so on the former than the latter
WHO DEVELOPED IT?
Israel's NSO Group developed it in 2016. It first came out into the open in 2018 when a phone of a human rights activist in Israel was the target of an infection attempt
Its popularity grew due to data on its capabilities in maintaining surveillance in a cov- ert manner targeting individuals and organisations
In August 2020, NSO Group reportedly sold the spyware to United Arab Emirates to help it maintain surveillance on anti-regime elements and not-so-friendly nations
Pernicious Pegasus
The powerful spyware can sneak into your phone in at least two easy ways. Unlike in the past — when a non-techsavvy generation could be nudged to click on malicious links — Pegasus infections can now be achieved through “zeroclick” attacks, requiring no user interaction whatsoever.
These zero-click security breaches can occur via mail apps, p2p device protocols, WhatsApp, or even the graphics library — a simple unanswered WhatsApp call can place the Pegasus code on your device.
These attacks often rely on another deeper vulnerability known as “zeroday”, which are the loopholes in a mobile OS that a phone manufacturer doesn’t know about.