Unlike many other forms of phone hacking, Pegasus could be delivered to a user by a maliciously crafted message or attachment that could infect a user’s device, simply by ‘processing’ the received attachment. In some cases, users were infected simply by calling the user – the spyware was able to delete the call log to cover its tracks. — Photo by Rob Hampson on Unsplash
Pegasus, the spyware that is used to target and snoop on users via their smartphones came into the news in 2019 when WhatsApp, the Facebook-owned cryptomessenger sued the Israeli company behind the software, called NSO Group after it was discovered that more than a thousand users were allegedy being targeted around the world, according to reports.
To understand what Pegasus is and how it worked in the past, it is necessary to understand how the software was used to target individuals and how the affected companies changed their services to fix the security flaws being used by Pegasus back in 2019.
What is Pegasus?
Pegasus is a software tool created by the NSO Group, a form of spyware that can be used to target a person, gain control of their mobile device and compromise their privacy and security.
Unlike many other forms of phone hacking, Pegasus could be delivered to a user by a maliciously crafted message or attachment that could infect a user’s device, simply by “processing” the received attachment. In some cases, users were infected simply by calling the user – the spyware was able to delete the call log to cover its tracks.
On targeted devices, the software could gather information including monitoring keystrokes (passwords) call and location monitoring, as well as phone calls, SMS, calendar events, and other data from encrypted messaging apps such as WhatsApp. According to Kaspersky, it could also be turned into a spyware device, by using the camera and microphone remotely.
How is the average user affected?
Pegasus is very expensive software and the company behind the spyware has previously claimed that they do not sell the software except to authorised governments to combat terror and crime. It is unlikely that the average WhatsApp user has been targeted by Pegasus, while WhatsApp had also alerted users it believed were affected by the spyware after it was first reported.
At the time, Apple had issued a quick security patch to resolve the security flaw, while WhatsApp had also patched its app to secure users, both on iOS and on Android, so it is unlikely that users will have to worry about their safety at this point.
However, no system is inherently hack-proof, so it is best to keep your apps and system completely up to date to ensure that it is secure at all times. – The Hindustan Times, New Delhi/Tribune News Service
