The software was developed by the Israeli company NSO Group and sold to government clients.
How did they do it?
Theres nothing particularly complicated about how the Pegasus spyware infects the phones of victims.
The initial hack can involve a crafted SMS or iMessage that provides a link to a website.
If clicked, this link delivers malicious software that compromises the gear.
It’s free, every week, in your inbox.
Rooting and jailbreaking both remove the security controls embedded in Android or iOS operating systems.
This user is likely to remain completely unaware.
Most media reports on Pegasus relate to the compromise of Apple devices.
This creates a closed-system often referred to as security by obscurity.
Apple also exercises complete control over when updates are rolled out, which are then quicklyadopted by users.
Apple devices are frequently updated to the latest iOS version via automatic patch installation.
Ultimately, both platforms are vulnerable to compromise.
The key factors are convenience and motivation.
How can I tell if Im being monitored?
It is in the very nature of spyware to remain covert and undetected on a rig.
That said, there are mechanisms in place to show whether your gadget has been compromised.
MVT runs in the terminal.
An iPhone I checked flagged a false positive (since fixed in the IOCs).
What can I do to be better protected?
1)Only open links from known and trusted contacts and sources when using your gear.
Pegasus is deployed to Apple devices through an iMessage link.
And this is is the same technique used bymany cybercriminalsfor both malware distribution and less technical scams.
The same advice applies to links sent via email or other messaging applications.
2)double-check your unit is updated with any relevant patches and upgrades.
If you use Android, dont rely on notifications for new versions of the operating system.
Check for the latest version yourself, as your devices manufacturermay not be providing updates.
3)Although it may sound obvious, you should limit physical access to your phone.
Do this by enabling pin, finger or face-locking on the rig.
TheeSafety Commissioners websitehas a range of videos explaining how to configure your unit securely.
4)Avoid public and free WiFi services (including hotels), especially when accessing sensitive information.
The use of a VPN is a good solution when you should probably use such networks.
5)Encrypt your gadget dataand enableremote-wipe featureswhere available.
If your gadget is lost or stolen, you will have some reassurance your data can remain safe.
