Skip to main content

PEGASUS [EXPLAINED] - Why is it a threat to an individual's security?

 


WHAT IS PEGASUS?

Pegasus is one of the most powerful spyware ever developed in history. It is developed by NSO Group, an Israeli surveillance firm. It has the capability to infect billions of phones globally. Pegasus is capable of reaching target’s phone via multiple routes.


When was it first discovered?

The first and the earlier version of Pegasus was discovered in 2016, which used the technology of spear-phishing-text messages/emails, tricking the target population through a malicious link. 


How Does it Work?Which information may be compromised?

Once it is installed in a target’s phone, it can turn it into a 24-hour surveillance device. It is capable of the following:

  • Copying your messages, 
  • Harvest WhatsApp chats.
  • Access your photos,
  • Record your calls,
  • Extract any file, 
  • Secretly film you through phone’s camera, 
  • Record your conversations by activating the microphone, 
  • Extract your past and present location, etc.

All without the target noticing it.


How it came into limelight?


August 2016 : The Citizen Lab, interdisciplinary laboratory, University of Toronto, reported the existence of Pegasus. It reported the existence to Lookout, a cyber security firm. Later, both flagged threat to Apple


April 2017 : Google and Lookout made public the details of the Android version of Pegasus.


October 2019 : Amnesty International documented the use of network injections which enabled the attackers to install the spyware without requiring any interaction by the target.


October 2019 : WhatsApp revealed the involvement of NSO’s software in sending of malware to more than 1,400 phones by exploiting a zero-day vulnerability.


November 2019 : A New York City based reported photographed an interception device, placed at the back of a van at Milipol trade show in Paris.


December 2020 : Citizen Lab report reported how Pegasus was used by to hack 37 phones, owned by   producers, executives, journalists, and anchors at Al Jazeera and Al Araby TV.




Difference between the then and now Pegasus.

The earlier version of Pegasus used spear phishing method in which a malicious link is embedded in a message customized to entice the target to click. 


Whereas, the recent version uses the zero-click attacks , where the target’s phone can be hacked without any actions of the target.


Different ways in which Pegasus can be installed?

  • Pegasus uses the zero-click attacks , where the target’s phone can be hacked without any actions of the target.
  • One way is through over-the-air (OTA). The OTA sends a push message covertly which allows the installation of the spyware in the target device, with the target unaware of the installation.
  • Another way is through a WhatsApp call, the malicious spyware could be installed on the phone through a WhatsApp call, even if the target does not answers the call.
  • Pegasus can also be installed over a wireless transceiver located near a target.


What kind of devices can be attacked?

Pegasus spyware can be installed in any and all devices. But, Apple iPhones are termed to be the most vulnerable and targeted devices to be attacked by Pegasus through Apple’s iMessage application. 


Who are the potential targets and clients?


Although the NSO group did not reveal the names of the client countries but claimed to have about 60 clients from 40 countries . 


Following are the Potential targets to have been attacked by Pegasus:

  • Prominent business personalities,
  • Human rights defenders, 
  • Academics,
  • Journalists, 
  • Lawyers,
  • Doctors, 
  • World leaders, 
  • Politicians,
  • Diplomats ,
  • Heads of states, etc.


Personalities already attacked:

  • More than 600 politicians or government officials.
  • Arab royal family Members
  • About 70 business personalities
  • 200+ journalists
  • Emmanuel Macron, President of France,
  • South African President Cyril Ramaphosa
  • Imran Khan, Prime Minister of Pakistan.
  • Rahul Gandhi, Politician, India


Precautions to be taken:

Apparently, one can do nothing to prevent one’s device from getting compromised because Pegasus derives out a vulnerability in one’s phone through its operating system.


One may take following precautions to prevent the spyware:

  • The best way to prevent the attack is to keep your phone updated with the latest operating system and firewall.
  • Changing of headsets periodically, may reduce the risk of getting attacked.
  • Important phone calls and messages may be made through an handset with basic features of calling and messaging to reduce network interjections.
Labels:

Comments

Post a Comment

Popular posts from this blog

Covid Vaccine- When can we expect one?

The world is facing the imbroglios Covid-19 from a long time now. Each and every person has the same question in mind that is "When will we get a Covid vaccination ?" . Let us try to find an answer to this question. What is a Vaccination? A vaccination is a kind of medicine which trains the immune system to fight a disease or germ. It prepares the body to make antigens or antibodies. A vaccination is generally administered through needles. A vaccine can take upto 10  years to develop and to be ready to use for public.  What are the different stages of vaccine development? A vaccine has to go through different stages before it is made available to the public. Pre-Clinical Trials: This research is done in the laboratories on cells and animals. Pre-clinical trials indicates about the efficiency and safety of the vaccine. Phase I trials: In this phase, r esearchers monitors the kidney, liver, hormone and cardiac functions to look for adverse affects in human volunteers.It take...
1 comment
Read more

What is the 25th Amendment of US Constitution? How can it be used to remove Trump?

                      There are calls to impeach the President of the United States or to invoke 25th amendment  to remove the President from the office. The call to remove was taken after the supporters of Donald Trump stormed the US Capitol building. The US Capitol building houses both the US senate and the house of representative . Let us learn about the 25th amendment and how it can be used to remove Donald Trump WHAT IS THE 25th AMENDMENT? The 25th amendment of the US Constitution lays out the principles and ways to remove or replace the President and the Vice President of the United States. T he 25th amendment was an effort to resolve some of the continuing issues about the office of the president. This is what happens in the case of vacancy of the office and what is the course to follow if for some reason the the President becomes disabled to such a degree that he cannot fulfill his responsibili...
Post a Comment
Read more

What are the various Side Effects reported post COVID-19 vaccines?

                            The world is in the midst of the deadly Covid-19 pandemic . An increment in the numbers of daily cases around the world is terrifying but the vaccination drives around the world brought some relief among the people. The researchers worked hard and round the clock to find a vaccine to this deadly virus. A number of vaccines are in the market today. But there are various side effects of these vaccines causing fear among the people from being vaccinated. Let us learn about the types of side effects observed after vaccination.  WHAT IS A VACCINE? A vaccination is a kind of medicine which trains the immune system to fight a disease or germ. It prepares the body to make antigens or antibodies. A vaccination is generally administered through needles. A vaccine can take upto 10  years to develop and to be ready to use for public.   Why do we need a vaccine? The only way for life to...
Post a Comment
Read more