Pegasus: The Snoopware You Should Know About

You have probably seen thriller movies where the characters feel a strange fear of being followed, and only very late, after the attack, does the brute finally show up. That is exactly the fear the spyware Pegasus has caused. As this spyware is all over the news, it’s now crucial to understand how it all started and why we should be concerned about it.

It’s spyware that can do everything: it can search and extract all your information without leaving any trace. It mainly hoovers up data from your communication applications like Gmail, Viber, Facebook, Skype, WhatsApp, etc., as well as your locations.

This spyware can be installed remotely through different means:

  • Over The Air (OTA)
  • Enhanced Social Engineering Message (ESEM)
  • Tactical Network Element
  • Physical

With OTA, a push message is sent covertly to the device and requires no engagement from the target, like clicking or opening.

With ESEM, the system operator sends a regular message in the form of an email or a text message, luring the target to open it intentionally or unintentionally.

However, both of these methods require a phone number or an email ID of the target.

Once the number is acquired using the tactical network element, the installation is done remotely. When physical access to the device is available, Pegasus can be installed in 5 minutes by exploiting vulnerabilities and even by sending corrupted files through different methods like Bluetooth, etc.

Moreover, this is not new spyware. Discovered in the year 2016, the application had its first successful attack reported in May 2019. This spyware was developed by NSO Group, an Israel-based cyber-security company that specialises in providing technologies for surveillance. The successful attack was made through a missed call on WhatsApp.

This attack hit around 1400 activists globally, of whom 121 were from India.

According to Pegasus’s product description, provided in the lawsuit, “Pegasus silently deploys invisible software ("agent") on the target device. This agent then extracts and securely transmits the collected data for analysis. Installation is performed remotely (over-the-air), does not require any action from or engagement with the target, and leaves no traces whatsoever on the device.”

As mentioned in the product description, Pegasus is a system designed in layers and is capable of the following:

  • Penetrates Android, BlackBerry, iOS and Symbian based devices
  • Extracts contacts, messages, emails, photos, files, locations, passwords, processes list and more
  • Accesses password-protected devices
  • Invisible to the target
  • Leaves no trace on the device
  • Minimal battery, memory and data consumption
  • Self-destruct mechanism in case of exposure risk
  • Retrieves any file from the device for deeper analysis

In short, as long as the target is carrying the infected smartphone, every activity can be tracked covertly.

The good news, and some hope of relief, is that this software is very exclusive. In a year it can monitor up to 500 phones, but complete tracking can be done on only 50 at a time. Also, it costs nearly $7-8 million to license it for a year.

So the probability of such spyware being used against ordinary people is almost insignificant.

As for a cure for Pegasus, there is no reliable one. Once a device is infected, it’s almost impossible to fix it or remove the spyware, so the chances of recovering from the attack are bleak. Pegasus does, however, have a self-destruct mechanism that wipes it from the device. Switching to another phone isn’t an option because the backup will also contain the spyware data. Restoring the phone to factory settings can be tried, but it leaves the user clueless about already compromised data. Also, according to Citizen Lab, even a factory reset can’t remove it.

Pegasus will automatically self-destruct if it hasn't received any communication from the operator's server in 60 days.

So while a cure for such well-engineered spyware is not known, you can at least take certain measures to protect yourself from other spyware and malware. Here’s how:

  • Don’t open links or download files sent from an unknown source.
  • Switch off push messages in your device settings.
  • Always keep your phone updated so that software updates and patches are applied on time.
  • Don’t jailbreak if you are an iPhone user.
  • Keep your sensitive data encrypted.
  • Regularly back up your files to physical storage.
  • Don’t grant all app permissions.

Hope this write-up has helped you stay updated with what’s going on in the world of coding and errors. Drop your feedback in the comment section below.


