Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever, and was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.
What is Pegasus
Pegasys is spyware developed by the Israeli cyber arms company NSO group that can be covertly installed on mobile phones(and other devices) running most versions of iOS and Android. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek Mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones.
How does Pegasus hack a phone?
The biggest USP of Pegasus for its users is the seamless intrusion it promises where an individual targeted may not even have an idea that their phone is compromised.
There are some reported methods which are employed to compromise a phone through the Pegasus software. The hacking could happen by making the target click on a malicious URL sent to their phone. The software can also be installed by exploiting a security bug in voice calls through WhatsApp and similar apps. A single missed call can install the software on the targets phone which then deletes the call log entry to ensure that the victim of the hacking remains unaware.
Once installed, Pegasus can potentially access every information available on the phone, even encrypted chats and files. As per cybersecurity researchers, Pegasus can access on messages, calls, app activity, user location, video camera and microphone from the compromised device.
The researchers called Pegasus software a modular malware As per their findings, once Pegasus scans a target’s phone, it then installs different modules as per requirement. Among other things, these modules can:
- Read user messages and mail
- Listen to calls
- Capture screenshots
- Log pressed keys
- Exfiltrate browser history and contacts
How Pegasus is different from other spyware.
Until early 2018, NSO Group clients primarily relied on SMS and WhatsApp messages to trick targets into opening a malicious link, which would lead to infection of their mobile devices. A Pegasus brochure described this as Enhanced Social Engineering Message (ESEM). When a malicious link packaged as ESEM is clicked, the phone is directed to a server that checks the operating system and delivers the suitable remote exploit.
In its October 2019 report, Amnesty International first documented use of ‘network injections’ which enabled attackers to install the spyware “without requiring any interaction by the target”. Pegasus can achieve such zero-click installations in various ways. One over-the-air (OTA) option is to send a push message covertly that makes the target device load the spyware, with the target unaware of the installation over which she anyway has no control.
This, a Pegasus brochure brags, is “NSO uniqueness, which significantly differentiates the Pegasus solution” from any other spyware available in the market.
What information can be compromised?
Once infected, a phone becomes a digital spy under the attacker’s complete control.
Upon installation, Pegasus contacts the attacker’s command and control (C&C) servers to receive and execute instructions and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls (even those via end-to-end-encrypted messaging apps).
The attacker can control the phone’s camera and microphone, and use the GPS function to track a target.
To avoid extensive bandwidth consumption that may alert a target, it sends only scheduled updates to a C&C server. The spyware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by the attacker, when and if necessary.
What you can do if your phone is effected by Pegasus:
- Many security experts and analysts have said that the only way to get completely rid of Pegasus is to discard the phone that has been affected.
- Once you have replaced the device, ensure that all the apps that you install are up-to-date and have the latest software version.
- According to citizen Lab, even a Factory Data Reset of the phone doesn’t get rid of the Pegasus spyware. It lets attackers continue to access your online accounts even after your device is no longer infected.
- In order to ensure your online accounts are safe, you should also change the passwords of all the cloud-based applications and services that you were using on the infected device.