Everything you need to know about NSO Pegasus

everything-you-need-to-know-about-nso-pegasus

Introduction

Within our increasingly digital lives, we have to do a lot to protect our privacy online. Whether it is protecting our data from being used by large corporations or by the State, or making sure that our webcams are not being used to spy on us, we are constantly under threat. Although we live in a world where privacy concerns are the issue of the day, we forget that privacy is no longer sacred. It is only a false promise being sold by the same people who are stealing it from us. Pegasus is the key. Pegasus is a surveillance tool, also known as spyware, that has been covertly installed onto the smartphones of prominent journalists and activists around the world. The threat to them as well as their data is real.

What is Pegasus?

Pegasus is spyware that was created by an Israeli cyber intelligence firm called the NSO Group. Pegasus was created to develop best-in-class technology that can help government agencies to prevent and detect terrorism and crime. However, these priorities seem to have changed. According to reports from The Guardian, people now know that the software has been used in the past to monitor specific individuals and gather data.

What does the NSO Group have to say about it?

The NSO has confirmed, beyond a doubt, the existence of the software. However, it has repeatedly claimed in front of the media that Pegasus was sold only to governments and that it is in no way responsible for the misuse. The spyware first came into the limelight when it was discovered on the smartphone of a human rights activist. Facebook sued the NSO Group for the creation of such software. However, the biggest concern here is that it is very difficult to trace whether the app has infected a mobile device or not. There are a variety of ways, most of which are still unknown, in which the software can infect a smartphone without the user even being aware of it.

How does the software work?

The software has infected phones in the past by employing fairly simple methods. One of them is to install itself onto a smartphone by enticing the user to click a voice call vulnerability in WhatsApp that allows for installation simply by placing one missed call. The app also deletes the logs of the call so users have no clue about what happened.

Another method is the installation of the software without the user giving any sort of input. On iPhones, this was made possible by using a weakness in the Mail app where a threat actor could send remote code via email that consumed large amounts of memory. Apple has confirmed that through an update fix, this issue has now been resolved.

On Android, the app exploits the operating system’s graphics library. A threat actor could send hundreds of multimedia messages to forcibly infiltrate the memory system of the device, which would then run the remote code. Samsung and other Android phone manufacturers have also apparently fixed the issue by releasing a debugging update.

Are iPhones safe?

A recent report by Vox has quashed claims made by several people online which said that iPhones, with their exceptional privacy protection features, are safe from the effects of Pegasus. Apple has said that iPhones are “the safest, most secure consumer mobile device on the market” and that it takes multiple steps to detect and fix new threats.” However, according to investigations, iPhones are just as likely as any other device to be infected by spyware. Developers say that even the most secure devices and encrypted messaging apps could potentially be hacked.