We live our lives within the borders of our home, our haven away from the pressures of the world. But in an online world, we forget that our privacy is no longer sacred. It is simply a lock that needs a key.
Pegasus is that key. A surveillance tool at heart, the spyware has been covertly installed onto the smartphones of prominent journalists and activists around the world. The intention is clear, and the threat real.
What is Pegasus?
Created by Israeli cyber intelligence firm NSO Group, Pegasus exists to help law enforcement battle crime. NSO says that it intended to "develop best-in-class technology to help government agencies detect and prevent terrorism and crime."
Somewhere along the line, those priorities have changed. Thanks to leaks reported by prominent publications such as The Guardian, we know that Pegasus targeted and monitored specific individuals to gather data.
NSO has confirmed the existence of the spyware but has said that it only sells the tool to governments and is not responsible for its misuse.
Pegasus first achieved prominence in 2016 when it was discovered on a smartphone that belonged to a human rights activist. Since then, it has stayed in the limelight. Facebook even went to court and sued NSO Group for making the tool.
The lawsuit also shed light on the lengths to which NSO was willing to go to keep its tool relevant. Facebook claimed that the attackers had reverse-engineered the WhatsApp app to send malicious code over the network.
Human rights defenders, tech companies and governments must work together to increase security and hold the abusers of spyware accountable. Microsoft was bold in their actions last week https://t.co/dbRgdfTIcA
— Will Cathcart (@wcathcart) July 18, 2021
What makes the software worrisome is that its installation is covert and hard to trace. There are a variety of exploits that Pegasus can use to slither its way into a phone.
How does Pegasus work?
Pegasus uses a variety of exploits to install itself onto a smartphone. The simplest way is to get the user to click on an infected link. Another is a voice call vulnerability in WhatsApp that allows installation simply by placing one missed call. The tool also deletes the call logs afterwards, so you have no way of knowing what happened.
The more recent traces have used what is called a zero-click exploit, which allows Pegasus to become operational without needing any user input. On iPhones, this was possible using a weakness in the mail app where a threat actor could send remote code with mail that consumed large amounts of memory. Apple reportedly patched this in 2020.
On Android, the attack exploits the operating system's graphics library. A threat actor could send hundreds of multimedia messages and brute-force their way into Android's memory system to run remote code. Google and Samsung both confirmed that they had patched this bug.
Other exploits include Apple's Wireless Device Link, the peer-to-peer networking protocol used by iOS devices to talk to each other. Apple acknowledged that, before being patched, the exploit was powerful enough to shut off and reboot systems.
Despite the security updates and patches, Amnesty International confirmed that Pegasus still managed to infiltrate Android phones and iPhones as recently as July 2021.
Once Pegasus finds its way onto a smartphone, it operates with all possible permissions. It can track your call logs, monitor your calls, access your camera to record video and use your microphone to record audio. It can read your browsing history and collect information on your app activities. It can read your inputs, and it can even use your GPS to track your current location.
All of the data from the smartphone is extracted and sent to the threat actor. This process is invisible and hard to detect. The implication that governments around the world use Pegasus to spy on innocent journalists and activists is chilling. With our thoughts already soured by this revelation, we can only guess what lies behind the curtain.