Pegasus Spyware Report – What is it and how to protect yourself from spyware?

A recent report on the Pegasus Project highlighted the dangers of living so much of our lives online and the importance of being proactive in protecting our devices and our data. 

With this in mind, we wanted to highlight the importance of protecting yourself against spyware like Pegasus and share some good habits to help keep you safe. 

What is it? 

Pegasus is hacking software (or spyware) that was developed and marketed to governments worldwide by an Israeli company called NSO Group. It is perhaps the most powerful piece of surveillance spyware developed and can infiltrate both iOS and Android mobile devices without the user’s knowledge.

Whilst the majority of deployments are likely to be from authoritarian nations at a relatively high price, Pegasus and other similar spyware are often sold quite simply to the highest bidder, so if someone decides they want to infect your device (whether as a target or to find a way to their target), it’s more a question of when rather than how…

An investigation by The Guardian and 16 other media organisations worldwide suggests that over 50 000 phone numbers were potential targets of NSO Group. NSO developed the hacking software, which was intended to be used against criminals and terrorists, but it has been found on over half of the phones tested from the leaked list of 50 000.

People targeted include business executives, religious figures, academics, NGO employees, union and government officials including cabinet ministers, presidents and prime ministers and some of their close relatives.  Whilst Pegasus has predominantly been used by authoritarian governments targeting people of interest, it highlights the dangers of spyware in general in our lives. 

What is at risk? 

Our mobile devices can now access, or have stored on them, as much data as our PCs. This means that if something can be accessed on our phones, it could be accessed via Pegasus, whether through apps, the microphone, the camera or keystrokes typed into the device. Everything you have saved or do in real-time could be relayed to someone else for data collection.

How do you get infected? 

Initially, spyware such as Pegasus needed the user to click on a link to be downloaded. This was achieved by tricking users into clicking a link via a text or notification. Unfortunately for users, things have moved on and devices can be infected by exploiting “zero-day” vulnerabilities in operating systems or apps (i.e. flaws or bugs that are not yet known about or do not yet have a patch to fix). By simply making a call via a messaging app such as WhatsApp, the spyware can be installed (even if you do not answer), and it is then clever enough to remove obvious evidence of the installation and even of the call happening!

What happens if you’re infected? 

Once installed it has ‘unlimited access’ to the device and can gather important information. For example, it can:

  • read passwords
  • monitor voice and VoIP calls (including in real-time)
  • listen through the device’s microphone
  • monitor communications in major apps such as WhatsApp, iMessage, FaceTime
  • track the phone’s location via GPS
  • access Microsoft 365 / Google Workspace or Gmail accounts

Such wide-ranging access means that vulnerabilities exist whenever an employee or user has access to sensitive information, research or infrastructure. 

Alarmingly for most users, they will have no idea they have been infected and are now sharing their sensitive information freely as Pegasus can hide from the most common forms of identification. 

Unfortunately, once infected it is currently impossible to fully remove Pegasus, so the only way to be sure you have a ‘clean’ system is to replace the device! 

How to minimise the risk – detect if you’re already infected, and protect yourself against it. 

As Pegasus only infects mobile devices, it’s just as important to maintain a level of general housekeeping on them to help prevent infection or reinfection.

General tips for both iOS and Android are: 

  • Restart your device daily, which helps clean out the device’s “zero-day” vulnerabilities.
  • Don’t open emails or texts from people you don’t know and exercise extreme caution when clicking on any links (particularly ones you don’t expect).
  • Hover over any link you receive, or check it on your PC first, to verify its location.
  • Avoid downloading files on your device, especially from an unknown source.
  • Keep your device operating system and apps as up to date as possible. This will reduce your exposure to “zero-day” vulnerabilities.
  • Install reputable anti-virus software and only install software from approved partners (i.e. Google Play, iTunes, Microsoft).
  • Install anti-tracking software or use an open-source VPN to maintain a level of anonymity, and be careful about accepting cookies.
  • Don’t install unnecessary apps, as that increases the number of potential vulnerabilities, and keep all apps up to date (automatically if possible).
  • Use an alternative browser to Chrome or Safari (e.g. Firefox Focus).

iOS Only 

There are extra vulnerabilities within the iOS operating system, so it is recommended to disable iMessage and FaceTime due to vulnerabilities within the apps, and to back up to iTunes monthly, as this can help keep track of activity within your account.

Here at Transpeed, our experts in IT management and Cybersecurity are on hand to discuss a wide range of ways we can help you keep yourself and your business safe and working despite these threats.  Get in touch to find out more  

References:

https://www.kaspersky.co.uk/blog/how-to-protect-from-pegasus-spyware/24071/

https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones

https://www.theirmindia.org/blog/the-risk-of-pegasus-spyware-snooping-the-privacy-of-innocentk/

https://theintercept.com/2021/07/27/pegasus-nso-spyware-security/
