Spyware is not a new story in the cyber world; attackers have long used it to track the movements of their targets through the targets' own devices. The current controversy over a highly sophisticated surveillance system began on Sunday, July 18, 2021, when a report claimed that documents obtained by an international collaboration of news organisations revealed a list of phone numbers that appear to be targets of surveillance by an unnamed agency using Pegasus software.
The leaked list contains more than 50,000 phone numbers, and the Pegasus spyware appears to have been used to spy on more than 1,000 people identified from it in 50 countries.
According to reports, over 40 Indian journalists were targeted, along with other public figures such as politicians, government officials, chief executives and human rights activists. Although this is a developing story, it is worth understanding what this software is, where it came from, and how it can be used to hack into a smartphone.
What is Pegasus and its History?
Pegasus has been labelled one of the most sophisticated tools available today for penetrating mobile phones. Its maker, the NSO Group, has repeatedly claimed that it is not responsible for misuse of the software.
According to the company, the tool is sold only to vetted governments, not to individuals or other firms. Pegasus returned to public attention in 2019, when a number of journalists and activists received notifications that their phones had been targeted by the spyware.
Pegasus is a highly sophisticated surveillance tool developed by the NSO Group, an Israeli technology firm that specialises in building cyber weapons for government customers. Pegasus first came to public attention in 2016, when it was reportedly used to attack the iPhone of an Arab human rights activist. Apple released an update fixing the vulnerabilities Pegasus exploited within days of the alleged incident.
In 2017 researchers found an Android version of the spyware as well, which prompted further security updates. In 2019 Pegasus was at the centre of a lawsuit filed by Facebook against the NSO Group, the company behind the surveillance software.
So far, reports point to a surveillance effort reminiscent of an Orwellian nightmare: the spyware captures keystrokes, intercepts communications, tracks the device's location, and uses the camera and microphone to spy on the user.
Researchers describe Pegasus as "modular malware": once it has profiled a target's phone, it installs only the modules it needs for that operation. Among other things, these modules can:
- Read user messages and emails
- Eavesdrop on calls and obtain information about contacts and browser history
- Capture screenshots and record keystrokes
What is Pegasus’ Method of Hacking Phones?
Pegasus's biggest selling point is seamless intrusion: the user has no idea the phone is compromised. Several methods of compromising a phone with Pegasus have been reported.
The attacker can trick the target into clicking a malicious URL sent to their phone. The software can also be installed through WhatsApp and similar apps by exploiting a security flaw in the app itself.
In one reported case the software could be installed simply by placing a call to the victim that did not even need to be answered; the spyware then deleted the call-log entries so the victim remained unaware of the hack. Once installed, Pegasus can potentially access everything on the phone, including files and chats that are encrypted in transit, because it reads them on the device itself, after they have been decrypted for display.
According to cybersecurity researchers, Pegasus can access messages, calls, app activity, user location, the camera and the microphone on a compromised device. Researchers from Kaspersky, a prominent cybersecurity company, described its capabilities as "total surveillance". The goal is to seize full control of the mobile operating system, by rooting (on Android) or jailbreaking (on iOS) the device.
Rooting an Android device means obtaining superuser privileges that the manufacturer's build does not grant; users often do it to install applications from unsupported app stores or to re-enable a function the manufacturer disabled. Similarly, a jailbreak on an Apple device removes Apple's restrictions so that apps not available from the App Store can be installed, or so the device can be unlocked for use on other cellular networks. Either way, the operating system's security controls are bypassed. Most of the time this takes a combination of configuration changes and an exploit of the operating system that allows modified code to run, which is exactly what spyware such as Pegasus needs.
Are Apple Devices More Secure Than Android Devices?
Media reports on Pegasus usually focus on the compromise of Apple devices. The spyware targets Android devices as well, but it is reportedly less effective there because it relies on a rooting technique that is not 100% reliable. If the initial infection attempt fails, the spyware reportedly falls back to prompting the user to grant the permissions it needs.
Isn't Apple more secure than Android? Apple devices are generally considered more secure than their Android counterparts, but no device is 100% secure. Apple controls the code of its operating systems as well as the apps available in its App Store. Such a closed system is sometimes criticised as "security by obscurity", since outsiders cannot inspect much of it, but it also means a single vendor can fix and distribute patches for the whole platform.
Apple also controls when updates are rolled out, and users adopt them quickly; iOS can install the latest version automatically. This improves security, but it also raises the value of a working exploit for a given iOS release, since that release will be running on a vast number of devices worldwide.
Android, by contrast, is built on open-source technology, and hardware manufacturers modify the operating system to add functionality or optimise performance. The installed base of Android devices therefore runs many different versions, some of them no longer receiving security patches, which unavoidably leaves a pool of insecure devices that cybercriminals can exploit.
Ultimately, compromise is possible on both platforms. Two factors matter: convenience and motivation. A malware tool for iOS requires more time, effort and money to develop, but because so many devices run an identical operating system, a working exploit has a greater chance of success across the installed base.
What are The Signs That You are Being Monitored?
Conversely, despite the vulnerability of many Android devices, the variety of hardware and software versions makes it harder to spread malicious code across the entire user base. The leak of more than 50,000 allegedly monitored phone numbers may sound like a lot, but Pegasus is unlikely to have been used against anyone who is not politically active or publicly prominent. So how do you find out whether you have been hacked?
It is in the nature of spyware to remain undetected on a device. Nevertheless, there are ways to check whether your device has been compromised. A relatively straightforward option is Amnesty International's Mobile Verification Toolkit (MVT). Running under Linux or macOS, the tool analyses a backup taken from the phone and examines the device's files and configuration for traces of infection.
The analysis cannot definitively confirm or rule out a compromise, but it can find "indicators of compromise" that provide evidence of infection. Specifically, the tool checks for the presence of specific software (process names) on the device and for connections to a wide range of domains known to be part of the spyware's global infrastructure.
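To make the indicator matching concrete, here is an added example written for this article; it is not MVT's own code. It loads domain and process-name indicators from a constructed STIX 2 bundle in the shape such IOC feeds use, then scans a handful of constructed backup records (a browser-history URL list and a per-process data-usage table, standing in for what a real backup parser would yield) and reports the matches. Every domain, process name and record below is made up for the demonstration; none is a real Pegasus indicator.

```python
"""IOC matching over phone-backup artifacts (illustrative example, not MVT code).

All indicators and records in this file are constructed for the demonstration.
"""
import json
import re
from urllib.parse import urlparse

# Constructed STIX 2.1 bundle in the shape public IOC feeds use: each
# "indicator" object carries a pattern such as [domain-name:value = '...'].
# The values are placeholders, not real Pegasus indicators.
SAMPLE_STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-0000-0000-000000000001",
    "objects": [
        {"type": "indicator", "name": "placeholder C2 domain",
         "pattern": "[domain-name:value = 'updates.example-cdn.net']"},
        {"type": "indicator", "name": "placeholder process name",
         "pattern": "[process:name='example_agent']"},
        {"type": "indicator", "name": "indicator type this example ignores",
         "pattern": "[file:hashes.'SHA-256' = '0000']"},
        {"type": "malware", "name": "placeholder family"},
    ],
})

# Constructed backup records of the kind a backup parser would yield:
# browser-history URLs and rows from a per-process data-usage table.
SAMPLE_RECORDS = [
    {"source": "browser history", "url": "https://cdn.updates.example-cdn.net/u.bin"},
    {"source": "browser history", "url": "https://www.example.org/news"},
    {"source": "browser history", "url": "about:blank"},
    {"source": "data usage", "process": "example_agent"},
    {"source": "data usage", "process": "backupd"},
]

# Only the two indicator types this example understands.
PATTERN_RE = re.compile(r"^\[(domain-name:value|process:name)\s*=\s*'([^']+)'\]$")


def load_iocs(stix_json):
    """Extract domain and process-name indicators from a STIX 2 bundle string."""
    iocs = {"domains": set(), "processes": set()}
    for obj in json.loads(stix_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        match = PATTERN_RE.match(obj.get("pattern", "").strip())
        if match is None:
            continue  # unsupported pattern; a real tool would log it rather than crash
        kind, value = match.groups()
        if kind == "domain-name:value":
            iocs["domains"].add(value.lower().rstrip("."))
        else:
            iocs["processes"].add(value)
    return iocs


def domain_matches(host, ioc_domains):
    """Return the indicator that host equals or is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    for domain in ioc_domains:
        # The leading dot stops "notupdates.example-cdn.net" from matching.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_records(records, iocs):
    """Return one hit dict per record that matches a loaded indicator."""
    hits = []
    for rec in records:
        if "url" in rec:
            matched = domain_matches(urlparse(rec["url"]).hostname, iocs["domains"])
            if matched:
                hits.append({"source": rec["source"], "evidence": rec["url"], "indicator": matched})
        elif "process" in rec and rec["process"] in iocs["processes"]:
            hits.append({"source": rec["source"], "evidence": rec["process"], "indicator": rec["process"]})
    return hits


if __name__ == "__main__":
    found = scan_records(SAMPLE_RECORDS, load_iocs(SAMPLE_STIX_BUNDLE))
    for hit in found:
        print(f"{hit['source']}: {hit['evidence']} matched indicator {hit['indicator']}")
    print(f"{len(found)} indicator(s) of compromise found")
```

Two design points carry over to real tooling. Domain indicators must match on the subdomain boundary (the leading dot in `domain_matches`), or a lookalike registered domain would produce false positives and a C2 host under a flagged parent domain would be missed. And a run with zero hits says only that none of the known indicators were present in the artifacts examined; it is not proof of a clean device, which is why the text above describes the output as evidence rather than confirmation.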
What is The Best Way to Minimize Exposure?
While Pegasus itself is unlikely to be aimed at most people, there are still easy steps you can take to reduce your overall risk, not only from this spyware but from other malicious attacks as well:
1) Open links only from known and trustworthy sources and contacts. Pegasus has been installed on Apple devices via iMessage, and the same technique is used by many cybercriminals to distribute malware and run less technical scams. Treat links sent via email or other messaging applications the same way. Bear in mind that some reported Pegasus iMessage attacks were "zero-click", requiring no action from the victim at all, so this advice reduces the risk but does not remove it.
2) Ensure that all relevant patches and upgrades are installed on your device. Widely used operating systems make attractive targets precisely because they are common, so your best defence is to know which version you are running and keep it current. If you use Android, don't rely on update notifications alone; check for updates manually in the device settings, and be aware that some devices stop receiving patches altogether.
3) Obvious though it may seem, limit physical access to your phone by locking it with a PIN, fingerprint or face lock. The eSafety Commissioner's website has a range of videos explaining how to configure your device securely.
4) Avoid public and free Wi-Fi services (such as those in hotels), especially when accessing sensitive data. If you must use such a network, connect through a VPN.
5) Encrypt your device's data and enable remote-wipe features. If your device is lost or stolen, you can at least be confident that your data stays safe.
Photo by Mikhail Nilov from Pexels