Politicians, govt officials, CEOs, journalists and human rights advocates have all been reported as targets of the Israel-made spyware
A significant journalistic investigation has discovered evidence of dangerous software being deployed by governments all across the world, including suspicions of spying on public figures.
From a list of over 50,000 phone numbers, journalists identified over 1,000 individuals in 50 countries who were allegedly under surveillance using the Pegasus spyware. According to ABC News, NSO Group, an Israeli business, developed the software and sold it to government clients.
Politicians, government officials, chief executives, journalists and human rights advocates have all been reported as targets of the spyware.
So far, reports suggest a surveillance operation where the spyware can record keystrokes, intercept communications, track the device, and spy on the user via the camera and microphone.
Is someone spying on your mobile phone?
While the disclosure of more than 50,000 reportedly monitored phone numbers appears to be a large number, it is unlikely that the Pegasus malware was employed to track anyone who is not publicly visible or politically active.
Spyware's fundamental nature is to remain hidden and unnoticed on a device. However, there are measures in place to detect if a device has been hacked.
The Amnesty International Mobile Verification Toolkit (MVT) is a relatively simple way to find out. This utility checks the data and configuration of a mobile device by evaluating a backup obtained from the phone, and it runs on either Linux or macOS.
While the analysis cannot establish or refute whether a device is affected, it can find "indicators of compromise" that may point to evidence of infection.
The program may detect the existence of certain software operating on the device, as well as a variety of domains utilized as part of a spyware network's global architecture.
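The kind of indicator check described above can be sketched as follows. This is an added example, not MVT's own code: the indicator values are constructed placeholders rather than real Pegasus indicators, and the record layout and source names ("sms", "safari_history", "processes") are assumptions standing in for data extracted from a backup.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators (not real Pegasus indicators of compromise).
IOC_DOMAINS = {"bad-infra.example", "cdn.tracker.invalid"}
IOC_PROCESSES = {"fakedaemon"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_matches(host, ioc_domains):
    """Return the indicator equal to host or a parent domain of it, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare top-level label
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:  # whole-label match, never a substring match
            return candidate
    return None

def scan_backup_records(records, ioc_domains=IOC_DOMAINS, ioc_processes=IOC_PROCESSES):
    """Return (source, kind, indicator, evidence) for every record that hits an indicator."""
    hits = []
    for rec in records:
        if rec["source"] == "processes":
            name = rec["value"].rsplit("/", 1)[-1].lower()
            if name in ioc_processes:
                hits.append((rec["source"], "process", name, rec["value"]))
            continue
        for url in URL_RE.findall(rec["value"]):
            host = urlsplit(url).hostname or ""
            ioc = host_matches(host, ioc_domains)
            if ioc:
                hits.append((rec["source"], "domain", ioc, url))
    return hits

# Constructed sample records; the "source" labels are hypothetical.
SAMPLE = [
    {"source": "sms", "value": "Your parcel is waiting: https://track.bad-infra.example/p?id=1"},
    {"source": "safari_history", "value": "https://notbad-infra.example/home"},
    {"source": "safari_history", "value": "http://CDN.Tracker.invalid./a.js"},
    {"source": "processes", "value": "/private/var/db/fakedaemon"},
    {"source": "processes", "value": "/usr/libexec/locationd"},
]

if __name__ == "__main__":
    for hit in scan_backup_records(SAMPLE):
        print(hit)
```

A hit here is a lead for closer examination of the device, and an empty result does not show that the device is clean.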
How does Pegasus work?
The process by which the Pegasus spyware infects victims' phones is quite simple. A prepared SMS or iMessage with a link to a website could be used as the initial attack. If clicked, this link delivers malicious software that compromises the device.
The goal is to gain complete control of the operating system of the mobile device, either through rooting (on Android devices) or jailbreaking (on Apple iOS devices).
Rooting an Android smartphone is typically done by the user to install apps and games from non-supported app stores, or to re-enable a feature that the manufacturer has removed.
On Apple devices, a jailbreak can be used to install apps that are not accessible on the App Store or to unlock the phone so it can be used on different cellular networks. Many jailbreak methods necessitate connecting the phone to a computer every time it is switched on (referred to as a "tethered jailbreak").
Rooting and jailbreaking both get rid of the security features built into Android and iOS. They usually consist of a combination of configuration changes and a "hack" of basic operating system features to run customized code.
Once a device has been unlocked, the offender can install further software to gain remote access to the device's data and functionality. The user is likely to be completely unaware of the situation.
Most media reports on Pegasus relate to the compromise of Apple devices. The spyware infects Android devices too, but is not as effective there, as it relies on a rooting technique that is not 100% reliable.
When the initial infection attempt fails, the spyware supposedly prompts the user to grant relevant permissions so it can be deployed effectively.
What can be done for better protection?
Although the majority of individuals are unlikely to be targeted by this type of attack, there are still easy steps one can take to reduce the risk of being harmed by Pegasus and other malicious attacks.