Understanding how Pegasus can invade cellphones even if the user is doing nothing – 07/19/2021 – Worldwide

Governments of at least 10 countries have used the Pegasus program to spy on the cell phones of journalists and opponents, an investigation by several international news outlets has revealed.

Created by an Israeli company, Pegasus is considered one of the most modern digital spy weapons ever made, according to the Organized Crime and Corruption Reporting Project (OCCRP), which was part of the investigation revealed on Sunday (18). The following is a summary of what is known about the spyware program and how to prevent attacks from tools like this.


What is Pegasus? A digital spy tool sold by the Israeli company NSO Group. Instead of trying to intercept data circulating on the internet, it settles inside the target cell phones and begins to gain access to all the information inside the devices.

The company says it provides the technology only to governments, for purposes such as investigating terrorists, pedophiles and criminals in general, but does not reveal its customers. All sales must be approved by the Israeli Ministry of Defense. Its existence became public in 2018.

What does it do? It monitors virtually all information on cell phones, such as message exchanges, email access, and phone conversations. It can also trigger the cell phone’s camera, microphone and GPS sensor to capture information without the user noticing.

By being inside the devices, it manages to bypass barriers such as end-to-end encryption, in which only the author and recipient of a message can access it.

How does the intrusion happen? There are several ways. Initially, infection by sending links was more common. The owner of the device would receive messages with promotions that might interest them, such as discounts on known products. On clicking, they were directed to a bogus page, which triggered the spyware download and installation without the user noticing.

There are many tactics to convince the victim to click on the link, such as sending a series of annoying spam emails. When the person clicks on the option “stop receiving this message”, they come across the infected link.

Over the past couple of years, the “zero link” model has become more common, in which infiltration takes place without the user having to do anything. The spyware searches for security holes in everyday applications or websites and infiltrates them.

By default, mobile applications are allowed to access the Internet. If the application security is not properly configured by the developers, a hacker may be able to infiltrate and send the spyware through any application, such as messages, music, news, exercises, etc. Upon entering the cell phone, Pegasus settles in and begins spying within seconds.

There is also the “network injection” tactic, which performs a momentary interception of the connection between the target cell phone and a known website. The attack lasts for milliseconds and manages to infiltrate before the website or the user’s device notices the failure.

However, this option is more complex, as it depends on monitoring how the target user uses the internet, to know in which app or website to set the trap and the exact time to trigger it. Thus, it is also necessary to have access to the connection data stored by the telephone operators.

Can this type of espionage be used in Brazil? By law, no. “The secrecy of communications is a constitutional guarantee,” says Francisco Brito Cruz, director of Internetlab, a technological research center. Governments and investigators can only break it with judicial authorization, and for specific purposes: they can only request the seizure of the device or the violation of telematic secrecy (which includes calls, texts and e-mails). This does not include hacking and real-time device monitoring.

Are there ways to identify if my device has been hacked? “In the case of sophisticated tools like Pegasus, it is almost impossible for a non-expert user to notice that there has been an invasion,” says Brito. To verify this, experts look on the device for links used in previous attacks or for connections between the device and servers linked to NSO. Even so, there are often no leads.
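The check described above, comparing links and server connections found on a device with indicators from earlier attacks, sketched as an added example (not code from the article or from any forensic tool). The indicator domains, device records and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed indicator list (placeholder domains, not real infrastructure).
INDICATORS = {"tracker-cdn.example", "free-promo.example"}
# Constructed device records: (source, timestamp, text).
RECORDS = [
    ("sms", "2021-07-01T09:14:00", "50% off today only: http://Deals.Free-Promo.example/x?id=7"),
    ("sms", "2021-07-02T11:02:00", "Lunch at noon? See https://maps.example.org/place/12"),
    ("network", "2021-07-03T18:40:12", "a1.tracker-cdn.example."),
    ("network", "2021-07-04T08:00:00", "nottracker-cdn.example"),
]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+\.?", re.IGNORECASE)

def normalize_host(host):
    """Lower-case, drop a trailing dot, convert IDNs to ASCII form."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # keep odd input as-is rather than abort the scan

def hosts_in(text):
    """Yield hosts from URLs in text; text with no URL is tried as a bare hostname."""
    urls = URL_RE.findall(text)
    if not urls and HOST_RE.fullmatch(text.strip()):
        yield normalize_host(text)
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            yield normalize_host(host)

def matched_indicator(host, indicators):
    """Return the indicator equal to host or a parent domain of it, else None."""
    labels = host.split(".")
    # Compare whole labels so "nottracker-cdn.example" does not match by substring.
    candidates = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((c for c in candidates if c in indicators), None)

def scan(records, indicators=INDICATORS):
    """Return sorted (timestamp, source, host, indicator) tuples for matching records."""
    return sorted((ts, source, host, ioc)
                  for source, ts, text in records
                  for host in hosts_in(text)
                  if (ioc := matched_indicator(host, indicators)))

if __name__ == "__main__":
    print(*scan(RECORDS), sep="\n")
```

An empty result only means none of the known indicators were found, which is consistent with the article's remark that there are often no leads.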

What to do to protect yourself? The main way is to keep the apps and operating system (iOS, Android, etc.) updated as they fix the security holes. It’s a constant struggle, in which IT companies seek to fix loopholes while hackers look for new ones. Thus, the more obsolete the device, the greater the risk of invasion.

Another recommendation is not to proceed to pages where your browser (like Chrome or Firefox) warns you of a security problem, such as “expired certificate”. These warnings indicate that the connection between you and the desired website may have been compromised, paving the way for hacking.

How much does it cost to use a hacking tool? Cracking a dozen phones, using a version prior to Pegasus, costs around US$650,000, plus an installation fee of US$500,000, according to a 2016 New York Times report. Because of the cost, such programs are not used on a mass scale but are aimed at specific targets, such as political opponents, activists, businessmen and journalists.
