PEGASUS SPYWARE AND HOW IT USES A ZERO-CLICK VULNERABILITY

Introduction

Pegasus is spyware that infiltrates your phone or any other device using a vector. The vector is what carries the spyware into the device: it could be WhatsApp, a text message, or email. A global collaborative investigative project has revealed that the Israeli company NSO Group's Pegasus spyware targeted over 300 mobile phone numbers in India, including those of two serving ministers in the Narendra Modi government.

What is Israeli Spyware Pegasus?

Pegasus is software developed by an Israeli security company called NSO. NSO has developed many things in recent times, but it is Pegasus that has been in the limelight for the past few years. Pegasus is spyware that infiltrates your phone or any other device using a vector. It installs itself on the device and starts transmitting your data, your activity and your internet behaviour to the attacker.

Who is targeted using Pegasus?

Pegasus has been used to target a lot of important people across the world. NSO does not sell Pegasus or any of its products to just anybody. It sells only to sovereign players, meaning a government or a government institution, which makes it more interesting. So it is spyware in the traditional sense: a tool used by spies. Unfortunately, there is also a lot of internal spying happening, which means governments are using it to keep tabs on their own citizens.

How does it get installed on your phone?

Pegasus has been around for quite some time; it started around 2017. It used to rely on traditional phishing techniques, which means you get a link. Users have received suspicious links in emails, in WhatsApp messages, or even in instant messages on Facebook Messenger. They see a message that does not look right, yet a lot of people click on it, and that is how the spyware gets installed. But the latest in a series of stories on Pegasus has brought to light that Pegasus does not need to do that anymore. It uses something called a zero-click vulnerability, which means the spyware can install itself on a device without the user initiating any action or making a mistake. For example, if a user receives an email carrying this spyware and has a mail client on the phone, such as Apple Mail or any other client that downloads emails before scanning them, the email has already been downloaded before anything checks whether there is a problem with it, and the spyware gets installed before the user can act on it. This is even more worrying because the user does not know they have been attacked, and there is no way to prevent it because the user is not doing anything to trigger it.

Once installed, what can Pegasus do?

Amnesty International's forensic team, which is examining the Pegasus spyware in a data dump from attacked devices, says that the attacker gets more control over the phone than the user has. On an iPhone, the spyware gets into the root files, which means it can change anything and see everything you are doing on the phone, without exception. It can then transmit this data to the attacker, who gets your files, data logs, contacts and email; all of that can be read by the attacker.

How to know if you are being attacked?

It is very difficult for a user to know that he or she has been targeted. You may see that your phone is slowing down at times, but users might not realize it is happening because of spyware: most phones tend to become slower as they get older and hang at times, so users don't think that something malicious is happening.

Can we prevent such an attack: The way ahead

Preventing this attack, especially if it is a zero-click attack, is very difficult. The earlier case, which was a spear-phishing kind of attack, was much more traditional, and over time at least the people who have the kind of data that needs protecting have become very cautious about clicking certain links or installing apps that they don't trust. In the present situation, where you don't have to do anything on your own, the most a user can do is ensure that the phone is running the latest version of the operating system and of all its apps, so that if a vulnerability has already been identified by Apple or Google, you might have a patch to prevent it. However, Amnesty is also saying that even some phones that had the latest version of the operating system have been breached, which means users can't really prevent it. Still, one precaution you have to take is to update your operating system whenever a new update comes in, and this applies to apps as well: keep them on auto-update. The other thing to do is to not sideload any apps, meaning apps that are not supposed to be on your phone or are not delivered via your operating system. Another option, if you don't trust a certain app, is to stop using it and use the same service in the browser instead.

Author(s) Name: Tarang Ajmera (Rajiv Gandhi National University of Law, Patiala)