A major media investigation has found evidence of malware use by governments around the world. It also includes allegations of spying on prominent people. An investigation of nearly 50,000 telephone numbers revealed that more than 1,000 people in 50 countries were reportedly monitored through the Pegasus software. The software was developed by the Israeli company NSO Group and sold to various governments. Those monitored included journalists, politicians, government officials, directors general and well-known human rights activists.
How did they do it?
It is not difficult to understand how Pegasus spyware infects victims' phones. First, the hack involves a ready-made SMS or iMessage that contains a link to a website. If the recipient clicks this link, the software takes control of the device. It gains full control of the mobile device's operating system by rooting (on Android devices) or jailbreaking (on Apple iOS devices).
Both rooting and jailbreaking remove the security checks built into the Android or iOS operating system, giving an unknown attacker full control over the phone. Most of the media coverage of Pegasus relates to the takeover of Apple devices. The spyware also infects Android devices, but it is not as effective there.
Aren’t Apple devices more secure?
Apple devices are generally considered to be more secure than their Android counterparts, but no device is 100% secure. Apple exercises strict control over its operating system code as well as the applications downloaded through its App Store. Apple also has full control over updates.
Android devices, on the other hand, are based on open source concepts, so hardware manufacturers can add additional features or customize the display. Overall, both platforms can be vulnerable to attacks, although an attack requires an investment of more time, effort, and money.
How do I know if I am being watched?
Pegasus spyware is unlikely to have been used to monitor someone who is not publicly important or politically active. The specialty of any spyware is to stay hidden on the device. That is, no one can easily detect it. However, there is a way to find out about a spyware attack.
Use the Amnesty International Mobile Verification Toolkit (MVT) for this. This tool runs on Linux or macOS and examines your mobile device's files and configuration by analyzing a backup made from the phone. However, this analysis does not confirm or rule out tampering with the device; it only gives a few indications that may point to an infection.
What to do for better security?
While this type of attack is unlikely for most people, there are a few simple steps you can take to lower your potential risk.
1) Only open links from known and trusted contacts and sources while using your device.
2) Make sure your device is updated with reliable fixes and upgrades. If you are using Android, do not rely on notifications for new versions of the operating system. Check for the latest version yourself, as your device manufacturer may not have released the update.
3) Keep your phone out of other people's reach. To do this, activate a PIN code, fingerprint or face lock on the device.
4) Avoid public and free WiFi services (including hotels), especially when you are accessing sensitive information. Using a VPN is a good solution when you need to access such a network.
5) Encrypt your device data and activate the remote wipe function, if available. This way, if your device is lost or stolen, your data can be safe.
(Paul Haskell-Dowland, Associate Dean (Computer Science and Security), Edith Cowan University and Roberto Musotto, Researcher, Edith Cowan University)