Pegasus
Introduction
Ahmed Mansoor an Arab human rights defender received a text message promising “secrets” about torture happening in prisons in the United Arab Emirates by following a link. He sent this link to Citizen lab of University of Toronto which with the collaboration of Lookout – a software firm, investigated and found out that if Mansoor had followed the link, it would have jail-broken his phone and implanted a spyware: Pegasus! It is the name for perhaps the most powerful piece of spyware ever developed. Once it has encroached into your phone, Pegasus can turn it into a 24-hour surveillance device. Developed by NSO Group an Israeli cyber-arms company, it can copy messages you send or receive, harvest your photos and record your calls, it might secretly film you through your phone’s camera, or activate your microphone to record your conversations. It can pinpoint where you are, where you’ve been and who you’ve met.
Pegasus : The Origin
Pegasus was the brainchild of NSO Group, a private Israeli cyber-arm company which is named after the first letters of its founders: Niv Carmi, Shalev Hulio and Omri Lavie. The three were in fact ex-members of unit 8200, a division of Israeli Intelligence Corps which specializes in signal collection and code decryption. NSO Group developed its first iteration of Pegasus spyware in 2011. The NSO Group has published sections of contracts which require customers to use its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights. Pegasus was designed with the intention to counter terrorism. Hence it was agreed that Pegasus would only be sold to foreign governments and not to private entities and with the consent of Israeli government.
How Pegasus infiltrates a phone and what it can do
The earliest version of Pegasus which was discovered in 2016 in Ahmed Mansoor’s phone infected mobile devices through what is called spear-phishing text messages or emails that trick a target into clicking on a malicious link. Since then, however its attacking capabilities have become more advanced. Pegasus infections can be achieved through so-called zero-click attacks- i.e., they can run without any interaction from the victim. Once installed, Pegasus has been reported to be able to run arbitrary code, extract contacts, call logs, messages, photos, web browsing history, settings, as well as gather information from apps including but not limited to communications apps iMessages, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype. In 2019 WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability which are flaws or bugs in an OS that the mobile phone’s manufacturer does not yet know about and so has not been able to fix. Malicious Pegasus code will be installed on the phone by simply placing a WhatsApp call, even if the target never answers the call. Once installed there is literally nothing Pegasus cannot access. When an iPhone is compromised, it’s done so in such a way that allows the attacker to obtain administrative privileges or root privileges, in other words Pegasus can do more than what the user can do. More recent versions of Pegasus only inhabit the phone’s temporary memory rather than it’s hard drive, meaning that once the phone is powered down virtually all traces of the software vanishes.
Do we need to worry?
Well, in the first place Pegasus is quite expensive, as per the reports it charges the government bodies around USD 650,000 to spy on 10 iPhones or android phones with additional charges like installation fee, maintenance fee etc. Secondly the software as per NSO’s specifications can only be used by foreign governments as a tool to ensure safety of the nation. Therefore, unless and until you become someone who the government thinks should be spied on, Pegasus won’t get in your way!
Read more
We hope this blog post has sparked your curiosity, just as the nodes on the screen come alive when touched. Stay tuned for more exciting content next week!