Skip to main content

PEGASUS [EXPLAINED] - Why is it a threat to an individual's security?

 


WHAT IS PEGASUS?

Pegasus is one of the most powerful spyware ever developed in history. It is developed by NSO Group, an Israeli surveillance firm. It has the capability to infect billions of phones globally. Pegasus is capable of reaching target’s phone via multiple routes.


When was it first discovered?

The first and the earlier version of Pegasus was discovered in 2016, which used the technology of spear-phishing-text messages/emails, tricking the target population through a malicious link. 


How Does it Work?Which information may be compromised?

Once it is installed in a target’s phone, it can turn it into a 24-hour surveillance device. It is capable of the following:

  • Copying your messages, 
  • Harvest WhatsApp chats.
  • Access your photos,
  • Record your calls,
  • Extract any file, 
  • Secretly film you through phone’s camera, 
  • Record your conversations by activating the microphone, 
  • Extract your past and present location, etc.

All without the target noticing it.


How it came into limelight?


August 2016 : The Citizen Lab, interdisciplinary laboratory, University of Toronto, reported the existence of Pegasus. It reported the existence to Lookout, a cyber security firm. Later, both flagged threat to Apple


April 2017 : Google and Lookout made public the details of the Android version of Pegasus.


October 2019 : Amnesty International documented the use of network injections which enabled the attackers to install the spyware without requiring any interaction by the target.


October 2019 : WhatsApp revealed the involvement of NSO’s software in sending of malware to more than 1,400 phones by exploiting a zero-day vulnerability.


November 2019 : A New York City based reported photographed an interception device, placed at the back of a van at Milipol trade show in Paris.


December 2020 : Citizen Lab report reported how Pegasus was used by to hack 37 phones, owned by   producers, executives, journalists, and anchors at Al Jazeera and Al Araby TV.




Difference between the then and now Pegasus.

The earlier version of Pegasus used spear phishing method in which a malicious link is embedded in a message customized to entice the target to click. 


Whereas, the recent version uses the zero-click attacks , where the target’s phone can be hacked without any actions of the target.


Different ways in which Pegasus can be installed?

  • Pegasus uses the zero-click attacks , where the target’s phone can be hacked without any actions of the target.
  • One way is through over-the-air (OTA). The OTA sends a push message covertly which allows the installation of the spyware in the target device, with the target unaware of the installation.
  • Another way is through a WhatsApp call, the malicious spyware could be installed on the phone through a WhatsApp call, even if the target does not answers the call.
  • Pegasus can also be installed over a wireless transceiver located near a target.


What kind of devices can be attacked?

Pegasus spyware can be installed in any and all devices. But, Apple iPhones are termed to be the most vulnerable and targeted devices to be attacked by Pegasus through Apple’s iMessage application. 


Who are the potential targets and clients?


Although the NSO group did not reveal the names of the client countries but claimed to have about 60 clients from 40 countries . 


Following are the Potential targets to have been attacked by Pegasus:

  • Prominent business personalities,
  • Human rights defenders, 
  • Academics,
  • Journalists, 
  • Lawyers,
  • Doctors, 
  • World leaders, 
  • Politicians,
  • Diplomats ,
  • Heads of states, etc.


Personalities already attacked:

  • More than 600 politicians or government officials.
  • Arab royal family Members
  • About 70 business personalities
  • 200+ journalists
  • Emmanuel Macron, President of France,
  • South African President Cyril Ramaphosa
  • Imran Khan, Prime Minister of Pakistan.
  • Rahul Gandhi, Politician, India


Precautions to be taken:

Apparently, one can do nothing to prevent one’s device from getting compromised because Pegasus derives out a vulnerability in one’s phone through its operating system.


One may take following precautions to prevent the spyware:

  • The best way to prevent the attack is to keep your phone updated with the latest operating system and firewall.
  • Changing of headsets periodically, may reduce the risk of getting attacked.
  • Important phone calls and messages may be made through an handset with basic features of calling and messaging to reduce network interjections.
Labels:

Comments

Post a Comment

Popular posts from this blog

What is the 25th Amendment of US Constitution? How can it be used to remove Trump?

                      There are calls to impeach the President of the United States or to invoke 25th amendment  to remove the President from the office. The call to remove was taken after the supporters of Donald Trump stormed the US Capitol building. The US Capitol building houses both the US senate and the house of representative . Let us learn about the 25th amendment and how it can be used to remove Donald Trump WHAT IS THE 25th AMENDMENT? The 25th amendment of the US Constitution lays out the principles and ways to remove or replace the President and the Vice President of the United States. T he 25th amendment was an effort to resolve some of the continuing issues about the office of the president. This is what happens in the case of vacancy of the office and what is the course to follow if for some reason the the President becomes disabled to such a degree that he cannot fulfill his responsibili...
Post a Comment
Read more

Thai Protests- Why are Thai Students Protesting?

Students in Thailand are once again involved in a series of protest, this time against the government of the Prime Minister Prayut-Chan-Ocha demanding reforms in Thai monarchy .  Let us talk about the whole story behind these protests by Thai students.  Why are Thai students protesting?  The anti-government protests started last year after the banning of the most vocal party opposing the government by the court. After a pause during Coronavirus, the protesters once again came onto the streets in mid-jury demanding Prayuth's removal , new Constitution , and an end to harassments of activists . Some came up with a list of 10 demands supported by thousands. Protesters say the do not want an end to the monarchy, just some reforms but the conservatives are horrified by such attacks. What is lese majesty law? The  lese majesty law  states that the monarchy is protected by  section 112  of the penal code, which states that whoever defames, insults, threa...
Post a Comment
Read more

Are We Ready to Open Schools? Is It Safe?

With the country in the middle of the deadly Covid-19 pandemic, the cases of Covid-19 are accelerating once again in the country. With an increase in the daily number of cases, some states are planning to re-open the schools whereas some have already ordered to do so. The director of AIIMS warned that the second wave of Covid-19 has already begun in India. Now the question that arises is Are We Ready to Open the Schools? The  Union Ministry of Education under Unlock 5.0 passed the guidelines for re-opening of schools from October 15 . While some states have already re-opened the schools from November 2 , some are still figuring out on when to re-open them whereas few of them are waiting for the festive season to get over. List of Opening Date of Schools: Arunachal Pradesh:  November 16(Classes 10 and 12) Maharashtra: November 23(Classes 9 to 12) Gujarat: November 23  Haryana: November 16 Goa: November 21(Classes 10 and 12) What Happened when schools...
Post a Comment
Read more