Is your phone at risk of Pegasus spying?

A significant journalistic investigation has discovered evidence of dangerous software being deployed by governments all across the world, including suspicions of spying on public figures.

Journalists identified over 1,000 individuals in 50 countries who were allegedly under surveillance using the Pegasus spyware from a list of over 50,000 phone numbers. NSO Group, an Israeli business, developed the software and sold it to government clients, reports ABC News.

Politicians, government officials, chief executives, journalists and human rights advocates have all been reported as targets of the spyware.

Also Read: Reports: Israeli firm's spyware used to target journalists' mobile phones

So far, reports suggest a surveillance operation where the spyware can record keystrokes, intercept communications, track the device, and spy on the user via the camera and microphone.

Is someone spying on your mobile phone?

While the disclosure of more than 50,000 reportedly monitored phone numbers appears to be a large amount, it is unlikely that the Pegasus malware was employed to track anyone who is not publicly visible or politically active.

Spyware's fundamental nature is to remain hidden and unnoticed on a device. However, there are measures in place to detect if a device has been hacked.

The Amnesty International Mobile Verification Toolkit (MVT) is a relatively simple way to find out. This utility can check the data and configuration of a mobile device by evaluating a backup obtained from the phone and can operate under either Linux or MacOS.

While the analysis cannot establish or refute whether a device is affected, it can find "indicators of compromise" that can lead to infection evidence.

The program may detect the existence of certain software operating on the device, as well as a variety of domains utilized as part of a spyware network's global architecture.

How does Pegasus work?

The process by which the Pegasus spyware infects victims' phones is quite simple. A prepared SMS or iMessage with a link to a website could be used as the initial attack. If clicked, this link delivers malicious software that compromises the device.

The goal is to gain complete control of the operating system of the mobile device, either through rooting (on Android devices) or jailbreaking (on Apple iOS devices).

Also Read: France's Macron changes phone in light of Pegasus case

Rooting an Android smartphone is typically done by the user to install apps and games from non-supported app stores, or to re-enable a feature that the manufacturer has removed.

On Apple devices, a jailbreak can be used to install apps that are not accessible on the App Store or to unlock the phone so it can be used on different cellular networks. Many jailbreak methods necessitate connecting the phone to a computer every time it is switched on (referred to as a "tethered jailbreak").

Rooting and jailbreaking both get rid of the security features built into Android and iOS. They usually consist of a combination of configuration changes and a "hack" of basic operating system features to run customized code.

Once a device has been unlocked, the offender can install further software to gain remote access to the device's data and functionality. This user is likely to be fully uninformed of the situation.

Most media reports on Pegasus relate to the compromise of Apple devices. The spyware infects Android devices too, but is not as effective as it relies on a rooting technique that is not 100% reliable. 

Also Read: Israel appoints task force over NSO spyware allegations

When the initial infection attempt fails, the spyware supposedly prompts the user to grant relevant permissions so it can be deployed effectively.

What can be done for better protection?

Although the majority of individuals are unlikely to be targeted by this type of attack, there are still easy steps one can take to reduce the risk of being harmed by Pegasus and other malicious attacks.

• When using the device, only open links from known and trustworthy contacts and sources. Pegasus is distributed via an iMessage link on Apple devices. And many cybercriminals use this strategy for both virus dissemination and less technical scams. The same precautions apply to URLs received by email or other messaging apps.
• Ensure that all required patches and upgrades are installed on the device. While a standardized operating system provides a stable platform for attackers to target, it is still the best defence.
• On an Android device, do not rely on notifications for new operating system updates. Because the device's manufacturer may not be delivering updates, one should check for the most recent version themselves.
• Although it may seem self-evident, one should keep physical access to their phone to a minimum. Enable pin, finger, or face locking on the device to accomplish this. The website of the eSafety Commissioner provides a number of videos that explain how to encrypt a device.
• When viewing sensitive material, stay away from public and free WiFi (including hotels). When one needs to use such networks, using a VPN is a fantastic alternative.
• Encrypt the device's data and, if accessible, use remote erase features. If the smartphone is lost or stolen, one can be assured that their data will be safe.