Pegasus: The Spy in Your Pocket

If there’s one lesson that doesn’t get old, it’s that all your devices have vulnerabilities that can be exploited in the cyber space. Even if a product undergoes stringent, penetration testing and you find fifty flaws in a system that need to be fixed, that doesn’t necessarily mean you’ve caught them all. 

This includes the very mobile phone you carry around in your pocket every day. 

This is especially true of Pegasus Spyware, arguably the most advanced spyware currently on the market, which can attack your phone by taking advantage of a zero-click exploit. You don’t even have to click on a link or open up an attachment. Your phone receives an innocuous message and the spyware client has remote access just like that.  

Even WhatsApp’s end-to-end encryption is no match, the spyware exploiting a vulnerability with the voice calling feature to infect phones even when the phone call isn’t answered. 

Pegasus Spyware, developed by NSO, an Israeli surveillance company, can access every message you’ve sent or received, it can see every photo or email. It can turn on your microphone and camera and record you remotely. It can record what’s on your screen. It can turn on your phone’s GPS to monitor your location. It can do all this while remaining virtually undetectable. 

Who’s been affected? 

According to a list leaked from the NSO’s Cyprus servers by hackers, there are over 50,000 alleged victims of Pegasus.  

This list includes the President of France, Emmanuel Macron, and the phones of US-Based Journalist Jamal Khashoggi’s wife, Hanan Elatr, and fiancée, Hatice Cengiz. Rodney Dixon QC, a London-based lawyer, is also on the list, putting his attorney-client confidentially in potential jeopardy. Pegasus has also been linked to a hack of the iPhone of Jeff Bezos, founder and long-time CEO of Amazon.  

World-wide, politicians and government officials, journalists, human right’s activists and business executives have been targeted by Pegasus. 

Notably, with Business executives and companies, high value targets of this type of data breach are often those who have access to technological research, market data and critical infrastructure.   

Due to Pegasus’ invasive nature, the confidentially of many businesses and valuable assets, including things like company software, hardware and the data of millions of customers, are in danger of being compromised. 

How does this affect the most popular phones on the market? 

Androids and iOS, both the most popular mobile platforms in the world at the moment, are extremely vulnerable to Pegasus. While it seems that Pegasus to have been able to successfully erase its tracks on Android devices, meaning it remains unclear exactly how many of them were infected, iPhones have one last secret trick of their own up their sleeves.   

On an iPhone, there’s a file called DataUsage.sqlite which records all the software that’s run on it. If you back up your iPhone to a computer, you can search through the backup and open this normally inaccessible file to see the records. This is where, ironically, a mistake was made on the part of the infiltrator. Every time software is run on an iPhone it is actually listed twice in that file. During the clean up, Pegasus only removed one of the logs, not the other copy. 

How can this cybersecurity threat be combated? 

To help counter this latest invasion of privacy, Trail of Bits has released iVerify 20.0, an Apple-approved app which now has a new feature designed to detect traces of Pegasus on mobiles. Amnesty International has also released a tool on GitHub designed to likewise detect the spyware. Every action has a reaction, and this is both a blessing and a curse in cybersecurity.