Pegasus: how governments are weaponising smartphones.

If you thought the Edward Snowden revelations were worrying, then wait until you learn about Pegasus spyware developed by the NSO Group.

Israeli spyware manufacturer NSO Group is in hot water again after journalists revealed that its flagship ‘Pegasus’ software is being used to monitor the activities of journalists and private citizens. Leaked documents have shown that over 50,000 phones have been infected with the spyware, which can do everything from turning your camera on to logging your communications.

The NSO Group has consistently denied any wrongdoing – with a statement released by the company claiming that the media have “a complete disregard of the facts” – but the leaked information suggests that nation-states, such as Saudi Arabia, are using the technology to monitor political dissidents, activists, and journalists. In effect, governments are using Pegasus to weaponise mobile phones. 

Worryingly, Pegasus spyware was found on murdered Saudi journalist Jamal Khashoggi’s phone (and on the phones of his family). In 2019, Shalev Hulio, the NSO Group’s chief executive, told American news show 60 Minutes that the NSO Group had “nothing to do with this horrible murder”. Now, the company is refusing to respond to any media enquiries in light of the recent leaks.

 

What is Pegasus?

Pegasus is a form of spyware that is designed to compromise smartphones running iOS or Android. The exact mechanism that Pegasus uses to infect phones is unknown; however, it’s likely that the software is exploiting a zero-day vulnerability – a term to describe a vulnerability that the software’s manufacturer isn’t aware of yet – in the operating systems that run on smartphones.

Unlike other forms of malware, Pegasus doesn’t require the user to be “socially engineered” into downloading and running malicious programmes. Instead, simply receiving an SMS message or a phone call is enough to infect your phone with the spyware.

Furthermore, Pegasus is incredibly sophisticated and well-funded software that can go virtually unnoticed by the phone’s user.

 

Who uses Pegasus?

Pegasus is software that is sold to governments and intelligence agencies from countries across the world, with Saudi Arabia being one of the most notable customers of the NSO Group. 

However, security researchers are raising concerns about the possibility of criminal groups, or even terrorists, being able to exploit the same vulnerabilities that Pegasus exploits. As Pegasus is said to exploit zero-day vulnerabilities that phone manufacturers such as Apple are unaware of, it’s possible that criminal groups could also exploit the same vulnerabilities.

 

Why should I care?

Privacy advocates are rightly worried about the potential implications of the recent findings. Whilst spyware and even Pegasus software aren’t anything new, the revelation that governments are actively using the technology to monitor private citizens, journalists, and activists confirms what many have feared for some time: that technology is actively being weaponised by governments against their own citizens.

It’s unlikely that you will be targeted by either a domestic or foreign intelligence agency with spyware unless you have something of value. However, given that at least 50,000 phones have been compromised since 2016, there is concern that spyware could reach industrial levels over the coming years if left unchecked.

Those who are most likely to be targeted by Pegasus spyware include journalists, executives, high net-worth individuals, and politicians. Even being connected to a subject of interest can result in your phone being compromised, as recent revelations have shown.

 

How do I know if my phone has been infected?

Pegasus is sophisticated software and thus can be significantly harder to detect than other forms of malware. Furthermore, as this malware targets mobile phones, identifying suspicious programmes and processes can be significantly harder for the average user who is not familiar with computer forensics.

Amnesty International has provided an excellent tool for checking your phone for signs of infection.


Blue Matrix Security is a cybersecurity consultancy based in Scotland. We believe that hacking can be a force for good, and we are committed to building a safer digital world for organisations in the United Kingdom.
