The Israeli company NSO Group is once again in the spotlight for developing Pegasus. Pegasus is spyware used by governments to snoop on prominent personalities, including journalists and politicians. However, the Ministry of Electronics and Information Technology has denied any unauthorized interception by government agencies. One of the most worrying aspects of the Pegasus spyware is that it has evolved from using spear-phishing methods to zero-click attacks, which do not require any action from the user. This makes it almost impossible to detect or stop, and it is arguably the world's most powerful spyware.
What is Pegasus Spyware?
Pegasus is software that an attacker can install on your smartphone to track all of your device's activities. The spyware originally made headlines in 2016, when UAE human rights activist Ahmed Mansoor received a text message on his phone about tortured prisoners in the country, with a link, which he sent to researchers at Citizen Lab. The investigation found that the links led back to infrastructure belonging to NSO Group.
The spyware has evolved a lot since then and has now become a zero-click attack. This means that the targeted user is not required to perform any action for the spyware to be installed, making it impossible to detect or stop. Pegasus is believed to have been around since at least 2016. It has also been known by other names, such as Q Suite and Trident. The spyware can infiltrate Apple's iOS, which is why it is known as one of the most sophisticated products available. Recall that Pegasus was meant to be used by governments on a per-license basis.
However, in May 2019 the company limited sales of the spyware to state intelligence agencies and others. NSO Group states on its official website that it creates software to help government agencies prevent and investigate terrorism and crime. The company also states that it has contractual obligations requiring its customers to limit the use of its product to the prevention and investigation of serious crimes, and to ensure that it will not be used to violate human rights.
How does it work now?
Pegasus is now a zero-click attack, which allows attackers to gain control over a targeted user's device without any human interaction. It relies on exploiting software that receives data before the device can determine whether the data comes from a trustworthy source. On Apple's smartphones, the spyware took advantage of a vulnerability in the Mail application, which was reportedly patched in April 2020. After that, the exploit targeted Apple Wireless Direct Link, which has also since been patched. On Android devices, the spyware targeted a vulnerability in the graphics library of phones running Android version 4.4.4 and above. Many attackers have also exploited vulnerabilities in WhatsApp.
How can you protect yourself?
Detection of Pegasus and other zero-click attacks has become a lot harder, especially in encrypted environments where there is no visibility into the data packets. However, users can still take a few steps to protect themselves.
The first step would be to keep your smartphone up to date, so that the patches available for vulnerabilities that have been spotted are installed.
The second would be to not sideload any applications onto the operating system.
Lastly, users can also stop using applications and switch to checking email, social media and more in the web browser.