Explainer: What is Pegasus?

Suman Tiwari

October 2, 2021


Explainer: What is Pegasus?

Pegasus spyware was developed by NSO Group, Israel. Spyware like Pegasus can harvest personal data, from multiple sources like email and phones.

It can retrieve or take photos from your phones, switch on the mobile microphone and record voice secretly, share GPS location, photos, or any file from your mobile to third parties.

However, in explaining why such software is made, the founders of NSO Group said, “the motto behind creating such software is totally ethical and it’s designed exclusively for government intelligence and law enforcement agencies to fight crime and terrorism.”

The Mexican government, on the other hand, has admitted publicly that they used Pegasus Spyware’s phone interception feature to track and capture drug lord EL Chapo. EL Chapo is currently serving his sentence at the United States Penitentiary Maximum Facility.

How is Pegasus spyware planted?

Pegasus is deadly spyware. iOS and Android users are vulnerable to Pegasus Spyware. Unlike its counterparts, which at least require a click or the need to install spyware, Pegasus can be installed into your phone even via a missed call.

As reported by The New York Times,  the NSO Group charged its customers USD 650,000 to infiltrate 10 devices (iOS or Android), plus an installation fee of USD 500,000.

Surprisingly, the majority of users who are being tracked by Pegasus are not criminals but journalists, government officers, activists, politicians, royal family members, and even the head of state. Recently, French President Emmanuel Macron was in the news because he changed his phone and number after a confirmed report of being targeted with Pegasus.

Forbidden stories, a Paris-based nonprofit media organization and Amnesty International conducted forensic tests and investigations and confirmed human rights violations around the world as 50,000 phone numbers were found in a surveillance list.

Overall, the list contained phone numbers for more than 600 government officials and politicians from 34 countries. In addition to the countries where top leaders’ phone numbers appeared, were the numbers of officials in Afghanistan, Azerbaijan, Bahrain, Bhutan, China, Congo, Egypt, Hungary, India, Iran, Kazakhstan, Kuwait, Mali, Mexico, Nepal, Qatar, Rwanda, Saudi Arabia, Togo, Turkey, the United Arab Emirates, the United Kingdom and the United States.

How can one protect themselves from Pegasus?

Incorporating advanced threat protection mechanisms like email encryption, multi-factor authentication, antivirus software, Virtual Private Network, regular monitoring and patching of each connected device/component (Servers, routers, computers, Printers, Mobiles, etc) are recommended in order to be protected from Pegasus.

What Protection is available to common people?

Common people are equally vulnerable to attacks and protecting themselves can be very costly. However, there are several ways in which common people can protect themselves from such attacks.

Hackers have invested their time in exploiting the software and finding loopholes in software. They trick users with a mechanism called phishing.

Therefore, one should frequently monitor and set limits for data usage. It is also important to keep an eye on battery and memory usage because if your phone is on surveillance, it will consume more data, memory and battery.

Clicking on any link coming from an untrusted source should also be avoided, unnecessary permission while installing any app should not be given.

For example, why would a news-reading app require access to your contact details, camera, GPS location, or SMS? Denying such requests can help in protecting one’s personal information.

Likewise, keeping software up to date, avoiding free and public WiFi, sharing username, password, OTP, credit card number and CVV to anyone in any format should be avoided.

(Suman Tiwari is a Software Engineer)