A major press investigation has found evidence of malware being used by governments around the world, including allegations of spying on high-profile figures.
From a list of more than 50,000 phone numbers, the journalists identified more than 1,000 people in 50 countries who are reported to have been monitored with the Pegasus spyware. The software was developed by the Israeli company NSO Group and sold to government clients.
Among the reported targets of the spyware are journalists, politicians, government officials, CEOs, and human rights activists.
Reports so far point to surveillance efforts reminiscent of Orwell’s nightmare, in which spyware can capture keystrokes, intercept communications, track a device, and use a camera and microphone to spy on a user.
How did they do it?
There is nothing particularly complicated about how Pegasus spyware infects victims’ phones. The initial hack involves an SMS or iMessage that provides a link to a website. If clicked, this link delivers malware that compromises the device.
The goal is to take full control of the mobile device operating system, either by rooting (on Android devices) or jailbreaking (on Apple iOS devices).
Rooting an Android device is usually done by the user to install apps and games from unsupported app stores, or re-enable a function that has been disabled by the manufacturer.
Likewise, a jailbreak can be deployed on Apple devices to allow installation of apps not available in the Apple App Store, or to unlock the phone for use on alternate cellular networks. Many jailbreaking methods require the phone to be connected to a computer every time it boots up (referred to as a “tethered jailbreak”).
Both rooting and jailbreaking remove the security controls built into the Android or iOS operating systems. They usually combine configuration changes with a "hack" of core operating-system components so that the device will run modified code.
In the case of spyware, once the device is unlocked, the offender can deploy more software to secure remote access to the device's data and functions. The user will likely remain completely unaware.
Most of the media reports about Pegasus are related to the hacking of Apple devices. The spyware infects Android devices as well, but it is less effective there because it relies on a rooting technique that is not 100% reliable. When the initial infection attempt fails, the spyware is supposed to prompt the user to grant the relevant permissions so that it can be deployed effectively.
How Pegasus Spyware Works- pic.twitter.com/GbE4RBUTvJ
– Rohan (@rohanreplies) July 19, 2021
But aren’t Apple devices more secure?
Apple devices are generally more secure than their Android counterparts, but no type of device is 100% secure.
Apple applies a high level of control over its operating system code, as well as over applications offered through its App Store. This creates a closed system often referred to as "security through obscurity". Apple also controls exactly when updates are rolled out, and users adopt them quickly.
Apple devices are frequently updated to the latest version of iOS through automatic update installation. This helps improve security, but it also increases the value of finding a workable compromise of the latest iOS version, as the new version will be running on a large percentage of devices globally.
On the other hand, Android devices are based on open source concepts, so device manufacturers can adapt the operating system to add additional features or improve performance. We usually see a large number of Android devices running a variety of versions – which inevitably leads to some unpatched and unsecured devices (which is useful for cybercriminals).
In the end, both systems are prone to compromise. The main factors are convenience and motivation. While developing an iOS malware tool requires more investment in time, effort, and money, having many devices running in an identical environment means there is a higher chance of success at scale.
While many Android devices are potentially vulnerable, the diversity of hardware and software makes it difficult to spread a single malicious tool to a broad user base.
How do I know if I am being monitored?
While the leak of more than 50,000 monitored phone numbers sounds like a lot, the Pegasus spyware is unlikely to be used to monitor anyone who is not publicly prominent or politically active.
It is in the nature of spyware to remain secret and undetected on the device. However, there are mechanisms in place to show whether or not your device has been hacked.
The (relatively) easy way to determine this is to use Amnesty International's Mobile Verification Toolkit (MVT). This tool can be run on either Linux or macOS and can scan the files and configuration of your mobile device by analyzing a backup taken from the phone.
While the analysis will not definitively confirm or refute whether a device has been compromised, it does detect "indicators of compromise" that could provide evidence of infection.
This is a really cool project built by the same AI researchers who confirmed the presence of a spy infection on the phones of the victims. MVT allows anyone to take a backup of their phone and look for indications of a hack associated with Pegasus. https://t.co/IQ1YDDBCcQ pic.twitter.com/dhoImNvw4P
– Zack Whittaker (@zackwhittaker) July 19, 2021
In particular, the tool can detect the presence of specific programs (processes) running on the device, as well as a set of domains used as part of the global infrastructure that supports the spyware network.
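To make the kind of check described above concrete, here is a small added example (not MVT's own code) that compares process names and browsing-history hosts extracted from a backup against an indicator list. Every indicator value and backup record in it is a constructed placeholder; the real indicator sets are published by the researchers, not reproduced here.

```python
"""Toy indicator-of-compromise scan, modelled on what MVT does with a backup.

Added example, not MVT's code. All indicator values and backup records are
CONSTRUCTED placeholders (.example hosts), not real Pegasus indicators.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set
from urllib.parse import urlparse

# Constructed indicator set: process names and domains (placeholders only).
IOCS = {
    "processes": {"example-bad-daemon", "fakeupdated"},
    "domains": {"ioc-placeholder.example", "another-ioc.example"},
}

# Constructed records as a backup analysis might yield them.
SAMPLE_PROCESSES = ["launchd", "SpringBoard", "example-bad-daemon"]
SAMPLE_URLS = [
    "https://www.apple.com/",
    "https://cdn.ioc-placeholder.example/payload",   # subdomain of an IoC
    "https://notioc-placeholder.example/",            # lookalike, must NOT match
]

@dataclass
class Finding:
    kind: str      # "process" or "domain"
    value: str     # the observed value from the backup
    matched: str   # the indicator it matched

def domain_matches(host: str, indicators: Set[str]) -> Optional[str]:
    """Return the indicator if host equals it or is a subdomain of it."""
    host = host.lower().rstrip(".")
    for ind in indicators:
        if host == ind or host.endswith("." + ind):
            return ind
    return None

def scan_backup(processes: Iterable[str], urls: Iterable[str],
                iocs=IOCS) -> List[Finding]:
    """Match process names exactly and URL hosts by domain suffix."""
    findings: List[Finding] = []
    for proc in processes:
        if proc in iocs["processes"]:
            findings.append(Finding("process", proc, proc))
    for url in urls:
        host = urlparse(url).hostname or ""
        hit = domain_matches(host, iocs["domains"])
        if hit:
            findings.append(Finding("domain", url, hit))
    return findings

if __name__ == "__main__":
    for f in scan_backup(SAMPLE_PROCESSES, SAMPLE_URLS):
        print(f"[{f.kind}] {f.value} -> matched indicator {f.matched}")
```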
What can I do to get better protection?
Although this type of attack is unlikely to target most people, there are still simple steps you can take to reduce your potential exposure – not only to Pegasus but to other malicious attacks as well.
- Only open links from known and trusted contacts and sources when using your device. Pegasus is delivered to Apple devices through an iMessage link. This is the same technique that many cybercriminals use to distribute malware and less technical scams. The same advice applies to links sent via email or other messaging apps.
- Make sure your device is up to date with any relevant patches and upgrades. While having a standardized version of the operating system creates a stable base for attackers to target, it is still your best defense.
- If you are using Android, do not rely on notifications of new versions of the operating system. Check the latest version yourself, as your device manufacturer may not provide updates.
- Although it may seem obvious, you should restrict physical access to your phone. Do this by enabling the PIN, fingerprint or face lock on the device. The Cyber Safety Commissioner's website contains a set of videos explaining how to securely configure your device.
- Avoid public and free WiFi (including hotels), especially when accessing sensitive information. Using a VPN is a good solution when you need to use such networks.
- Encrypt your device data and enable remote wipe features where available. In the event your device is lost or stolen, you will have some reassurance that your data can remain safe.
Provided by The Conversation
This article has been republished from The Conversation under a Creative Commons license. Read the original article.
Citation: How Pegasus Spyware Works and How It Affects Your Phone (2021, July 21). Retrieved on July 22, 2021 from https://techxplore.com/news/2021-07-pegasus-spyware-affects.html