Pegasus Spyware

Introduction

In the world of technology where there are countless ways to spy on people, one of the most advanced and the most terrifying spyware is Pegasus. Pegasus is used by many governments in an abusive way to control people. In this blog I will share what is Pegasus and it's background: it's basic functions, who are the victims and how can you detect it if you think your phone is hacked by Pegasus. 

What Is Pegasus? 

Pegasus is named after the winged horse of Greek mythology. It is a cyber weapon developed by Israeli cyber surveillance company NSO Group. It is the most advanced spyware developed so far. The company claimed it is designed to track terrorist activities. The company has sold the spyware to abusive governments who use Pegasus to control people to prevent them from rising against them. Pegasus is seen as threat to democracy. One of the most prominent cases was the murder of journalist Jamal khashoggi. It was later found out his inner circle was spied by Pegasus and Pegasus played a significant role in his murder.  

Background

Pegasus spyware was created in 2011. Pegasus first came to public attention by Italian based Hacking Team with its subsidiary branches in U.S and Singapore. The Hacking Team revealed that Pegasus was sold to the government of Panama in 2015. It again came to public attention in 2016 when there was a failed attempt to hack a human right activist Ahmad Mansoor's phone. Mansoor received a text message about confidential information of torture of prisoners in United Arab Emirates and was sent a link to follow. Mansoor sent that link to citizen lab in Toronto, Canada. After collaboration with Lookout, the citizen lab found out that by opening the URL the spyware can jailbreak and install itself on iPhone. It then collects all communication on the iPhone, get the location of the iPhone and even get Wi-Fi-passwords. The citizen lab also discovered the link’s code references a NSO’s product Pegasus. 

Subsequently United Kingdom based non- government organization, Amnesty International did an investigation and revealed 50,000 phone numbers were targeted by Pegasus. 

Al-Jazeera news channel which is funded by government of Qatar, did a further investigation in 2020 and shared more extensively how Pegasus is used to hack phones of media professionals and activists as well as its usage by the Israel itself to eavesdrop its enemies and allies. 

Basic Functions

There is not much known about Pegasus as it can have new updates. Pegasus can target both iOS and Android while remaining undetectable. What is known so far is that it can get access to camera and take pictures, get access to messages and all communication history, get access to microphone and listen and record conversations as well as get access to GPS and get the location of the phone. The end-to-end data encrypted services such as WhatsApp are not immune from Pegasus. 

Installation 

Pegasus can be installed in two ways. One-click where a user gets a message on their phone and when they click on the link the spyware is installed. 

Zero- click in which there is a missed call on the user’s phone. The user doesn’t has to do anything. Just by the missed call user’s phone is hacked. 

Who Are The Victims?

Pegasus is very expensive spyware. The purpose of Pegasus is to target specific people who interest specific people. It targets human right activists, politicians, lawyers, journalists and in some cases bloggers. 

Mobile Verification Toolkit

The spyware can remain undetected. If someone doubts there phone is hacked by Pegasus, Amnesty International came up with a solution which can allow a user to find out if their device is hacked by Pegasus. The Amnesty International developed Mobile Verification Toolkit (MVT). The MVT can scan data transfer logs. The logs on iOS are stored longer than Android therefore it is easier to detect Pegasus on an iPhone.