Pegasus Spyware has been spoken about a lot on the news lately. You know the name, but do you know how it can affect YOU? How can Pegasus find its way into your device?
This article answers exactly those questions. Not just that, I’ll also tell you what you can do to protect your device against this spyware.
What is Pegasus Spyware?
Pegasus Spyware is the MOST potent malware ever created. NSO, an Israeli cyberarms firm, created this spyware as far back as 25th January, 2010. It’s a spyware that can affect your phone remotely even if you do not click on any links or suspicious messages. Pegasus works through zero-click “network injections.”
But why are we talking about Pegasus NOW?
It’s because of how its power is being abused. Pegasus was originally created to spy on terror suspects. Governments could keep an eye over its suspicious population through Pegasus. According to NSO, the encryption of social media messages and emails had allowed many potential threats to ‘go dark.’
This is exactly why the Pegasus Spyware was made. To jump over the hurdle of encryption and keep an eye on the problematic elements of the society. However, it’s been on the news lately because of the opposite reason.
Amnesty International, along with a Parisian media non-profit, and 17 media houses from 10 different countries leaked some essential data. They published a list of 50,000 people who were being targeted through Pegasus. This included Prime Ministers, journalists and activists and others. People who were very much not terror suspects. Indians were also on the list, yes.
This obviously gave rise to some justified paranoia. Am I a target? How should I figure out if I am a target? Don’t worry. I’ll get to that soon enough.
How Can Pegasus Get Into Your Phone?
I said that Pegasus was the most potent spyware ever created. This is not an exaggeration.
Previously, Pegasus had to send ESEM baits. The full form of ESEM is Enhanced Social Engineering Message. Basically, Pegasus sent people suspicious links through Whatsapp or SMS. On clicking them, the spyware was installed on the phone.
Obviously, people became wary of this. Thus, Pegasus came in with a whole other gameplan.
Pegasus does not need to send you ESEM baits anymore. Pegasus works through “network injections.” A process of installing the spyware into your phone without having absolutely any interaction with you.
But how is this even possible? Pegasus requires zero clicks for installation. It basically works like this:
Pegasus uses rogue cellphone tower-like structures called BTS or Base Transceiver Station. These look like signal interception devices with a bunch of cards stacked together horizontally. This device is portable and it acts like an actual cell tower. But there’s a twist. It forces your device to connect to it so that the traffic can be intercepted and manipulated.
Not just this. Pegasus can get into your phone by several means. A missed Whatsapp call, a bluetooth connection from a nearby device- anything really. In the worst case scenario, the person who wants to spy on you can simply install the spyware in your device manually. How long will it take? Just 5 minutes. That’s it.
How Can Pegasus Spyware Affect You?
The first question you should be asking is: What information can Pegasus steal from you?
The answer is, everything. Your photos, videos, emails, messages, chats, contacts list, GPS and Calendar data. Everything.
And not just that. It gets creepier. Pegasus Spyware can turn on your camera or your microphone. Stop and try to grasp the significance of that. It can literally hear and see you and the people around you at almost all moments.
Can Pegasus record your calls? You already know the answer to this. Yes, it can. And since it can also delete your call records, it can erase its own installation process.
How Can You Protect Your Device Against Pegasus?
Real answer? Throw away your device.
No, really. That is the ONLY way to get rid of Pegasus if your device already has it.
Factory resets won’t work. Antivirus Protection won’t work. Even the most expensive VPNs won’t work.
Pegasus can turn on your camera and mic even if your mobile is switched off. A new SIM card doesn’t affect Pegasus.
Your password won’t matter. Neither will the end- to-end encryption of your social media messaging apps.
Is there really nothing you can do to stop being spied on?
Well, there’s one ray of hope.
Since Pegasus has blown up over the news lately, it’s very likely that NSO will be forced to pull it back. Even if it doesn’t, brands like Apple won’t take this lying down. Apple, after all, prides itself on its privacy structures. In all probability, the cell phone companies themselves will raise some safeguards.
You should also keep your device up to date in case your OS releases security patches. Don’t just rely on notifications. Go and check out if any updates are available right now.
In Conclusion
Does all this ensure that your privacy will be maintained? Not really. Because just as technology develops, spywares develop hand in hand. That’s exactly what we learnt from Pegasus, isn’t it? The moment we stopped clicking on suspicious ESEMs, Pegasus evolved beyond the need for it.
And truthfully speaking, you’re already being spied on. How? Give this a read.
Do you think NSO will be forced to pull back Pegasus because of the international outrage? Let us know what you think in the comments below!
Frequently Asked Questions
Pegasus does not need you to click on suspicious links or ESEMs. They can be installed remotely with zero clicks through “network injections.” There are portable interception devices that impersonate cell phone towers, called BTS or Base Transceiver Station . They force your mobile phone to connect, and then intercept and manipulate the traffic. It can also be installed through a missed WhatsApp call.
Pegasus can turn on your microphone and camera to record you. It can also record your phone calls and can listen in on your WhatsApp calls. The end-to-end encryption of social media apps does not bother Pegasus.
No. A VPN cannot protect you from Pegasus no matter how much you pay for it. This is because Pegasus has multiple points of entry. It can be installed via a nearby malicious Bluetooth connection. Knowing your phone number isn’t essential either.
Yes. Even though Apple cares way more about the privacy of users than Android, Pegasus can get into iPhones as well. They utilize zero-day vulnerabilities to do this.
Yes, it can be. It’s very hard to detect Pegasus because it uses the temporary memory of the device, not the hard drive. However Amnesty International has developed a toolkit for the detection of Pegasus Spyware. You can get it from Github. It is known as MVT or Mobile Verification Toolkit.