#NewsBytesExplainer: What's Pegasus spyware and how does it spread?
Recent reports suggest that the smartphones of over 40 Indian journalists from established media houses have been compromised by the Pegasus spyware. The Washington Post reported that an investigation by 17 media houses found traces of Pegasus hacking attempts on 37 phones belonging to journalists and human rights activists. Here's what Pegasus is, how it works, and how it spreads.
Pegasus has been known to exist since at least 2016
Pegasus is a tool used for spying on devices. The software was developed by the Israeli firm NSO Group and has been in circulation since at least 2016. The Verge reports that the victims' phones were on a leaked list discovered by Paris-based non-profit Hidden Stories and Amnesty International. The Post suggests that the devices were surveilled by nations NSO caters to.
NSO claims that it only caters to vetted government agencies
NSO Group, for its part, claims that it "creates technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe." In May 2019, WhatsApp disclosed that NSO software had spread to over 1,400 phones via WhatsApp.
Pegasus converts smartphone into full-blown surveillance device you voluntarily use
Pegasus is arguably the most sophisticated privately-developed spyware tool being sold to interested parties (only governments). The spyware can silently and remotely capture the infected device's SMSs, emails, WhatsApp conversations, photos, videos, GPS data, contacts, and calendar events. It can also listen in on phone calls and activate the device's cameras and microphone without the phone's user ever knowing.
NSO clients can covertly install Pegasus on victims' devices
Considering that it's such a powerful spyware, one would assume that Pegasus would be complicated to install. Wrong! Earlier, it was installed by spear-phishing: messages or emails that compel victims to click on malicious links that install the spyware. Now, Pegasus is installed using zero-click methods, which need no action from the victim, by exploiting undiscovered vulnerabilities in popular applications like WhatsApp and iMessage. The spyware can infect both iOS and Android devices.
Pegasus can be installed via WhatsApp calls, wireless transceivers
The Guardian reported that Pegasus could be installed on the victim's device through a WhatsApp call, even if the victim doesn't answer the call. According to NSO's brochure, Pegasus can also be installed using a wireless transceiver near the target or manually by an agent if the victim's phone is left unattended. Moreover, a Pegasus attack can be extremely hard to detect.
Traces of Pegasus attack can be incredibly hard to detect
The spyware reportedly resides in the infected device's volatile memory (RAM) instead of the physical storage, making detection difficult. If the infected device is switched off, all traces of the attack vanish. A digital forensic analysis of the device must be done by professionals to uncover traces of an attack, whether successful or unsuccessful.
How to save your smartphone from a Pegasus infection?
Claudio Guarnieri, who runs Amnesty International's Security Lab, said that every time the researchers do forensics with somebody, they get asked what to do to prevent an attack from occurring again. "The real honest answer is nothing," he says. Meanwhile, NSO's lawyers called Amnesty International's report "a compilation of speculative and baseless assumptions." However, they didn't dispute specific findings or conclusions, The Guardian observed.