
Digital Safety in the Era of Pegasus: Questions Answered

We have all been seeing Pegasus in the news; it is the hottest spyware in the world right now. But are we paying attention to the right details? Do we know whether it will affect us and, if it does, to what extent? Is there cause for worry? And most importantly, is there a way we can stop it or, at the very least, protect ourselves? Politicians and allies have started accusing each other of spying and saying that their fundamental rights are being violated. We will try to answer most of these questions in this article.

What is Pegasus?

Pegasus is malware (malicious software) developed by the Israeli firm NSO Group; it has been in existence since 2010. Pegasus is classified as spyware because it can gain access to devices without the user’s knowledge and then gather personal information from the device, which is sent back to the server or to whoever is using the software to spy. Pegasus not only transmits the information and data stored on the targeted mobile phone; it can also turn on the camera and microphone to transmit real-time photos, video and audio of the targeted user, along with exact location coordinates, without the targeted user being aware of any of it. It runs in the background and comes with a self-destruct mechanism that can be triggered in three ways: if the malware is caught, once the job is done (i.e. the required information has been extracted), or after a specified period of time, at which point the malware vanishes from the mobile phone.

How does it work?

From what can be gathered from the news, the spyware in question does not require any interaction from the target, but it was not always like that. According to the brochure provided by Pegasus, the delivery method was described as an Enhanced Social Engineering Message (ESEM) up until early 2018. In simpler words, only when a malicious link packaged as an ESEM is clicked or otherwise interacted with does it deliver the suitable remote exploit and start its dirty job of spying. Also, until early 2018, clients were known to rely primarily on WhatsApp messages and Short Message Service (SMS) to trick the target user into opening the malicious links, which then infect the mobile phone.

But times have changed and the technology has become more sophisticated, so Pegasus can now be deployed in newer ways. This means prying into people’s privacy is now easier, and the chances of getting caught have reduced manifold. Pegasus now uses a zero-click method of attack and has a built-in self-destruct mechanism that triggers when it is caught. For Pegasus to be installed and working on a target user’s mobile phone, as little as a missed WhatsApp video call is enough. The user does not even have to answer the call for the malware to be installed and running.

What is a ‘zero-click’ attack?

A zero-click attack is an attack that is performed remotely, without the user’s knowledge and without any engagement from the target. It works by way of network injection. This gives Pegasus an edge over the other spyware available in the market. As mentioned above, just a missed video call is enough to infect the target user’s device. Another way is the Over-the-air (OTA) option: a push message is sent covertly, which compels the target user’s device to install the software while the user is unaware of it and has no control over it.

Is your device at risk?

It does not matter which operating system you are using, whether Android or iOS: your mobile phone might still be at risk of being infected by Pegasus. Initially, it was observed that iPhones in particular were targeted through Apple’s default Push Notification Services (APN) protocol and the iMessage app. The spyware impersonates an application downloaded to an iPhone and transmits itself via Apple’s servers through push notifications. In 2016, a report about the existence of Pegasus was made to the cybersecurity firm Lookout by the Citizen Lab (an interdisciplinary laboratory based at the University of Toronto). These organisations flagged the threat to Apple and, in addition, Google and Lookout made public the details of an Android version of Pegasus.

How does Pegasus infect a device?

According to the Pegasus brochure, all that is needed to infect a device is a phone number. The phone number of the targeted user is fed to the system for a network injection, and the rest of the job is done automatically by the spyware. It might not always work, though: for example, when the targeted device’s operating system has been upgraded with new security protections or is not supported by the NSO system. The brochure also mentions that the malware can be “manually injected and installed in less than five minutes”, which is possible if physical access to the target device is available.

Is there a way to protect ourselves?

Mobile phone makers and software developers try to keep newer versions of their phones bug-free and roll out updates as and when the need arises. This patching is done to fix minor bugs and to make the system stronger and less vulnerable to attacks. Also, the Pegasus brochure clearly mentions that “installation from browsers other than the device default (and also chrome for android based devices) is not supported by the system”, which means that one can protect oneself by changing the default browser.

One might believe that the best way to protect oneself against such attacks is to switch phones and go back to an archaic handset that allows only basic calls and messages, but in this fast-moving world it would be hard to keep up. Hence, the best way to be less vulnerable to these attacks is to keep your device’s operating system updated at all times and, if your budget allows, to change your handset every couple of years. This is perhaps the most expensive yet most effective remedy.


