“Softwares like the one described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” - Apple’s official statement on Pegasus
In this digitally advanced era, cyber security has emerged as a pressing issue across most sectors. Companies working across the globe now invest exponentially more in protecting their data, strengthening firewalls, and encrypting and securing their servers. Unfortunately, individuals do not have that liberty or the requisite resources to give their own data similar protection.
Taking advantage of this susceptibility, unauthorized third parties in the form of corporations and governments often end up collecting data without user consent. One of the most heated controversies regarding illegal surveillance emerged in 2021, involving the use of Pegasus, a spyware designed to steal sensitive data from devices such as phones, laptops, etc.
In this article, we shall attempt to understand what exactly the Pegasus software is, how it works, and related aspects. Read on!
About the Software
- Pegasus was developed in 2010 by the Israeli firm, the NSO Group.
- Pegasus spyware was first discovered in an iOS version in 2016 and then a slightly different version was found on Android.
- Pegasus spyware is able to read the victim’s SMS messages and emails, listen to calls, take screenshots, record keystrokes, and access contacts and browser history. Hackers can hijack the phone’s microphone and camera, turning it into a real-time surveillance device.
- Pegasus can send back to the hacker the target’s private data, including contact lists, calendar events, passwords, text messages, and live voice calls from popular mobile messaging apps.
- The target’s phone camera and microphone can be turned on to capture all activity in the phone’s vicinity, expanding the scope of the surveillance.
- Pegasus has evolved from a crude system that was reliant on social engineering to software that can compromise a phone without the user having to click on a single link. This is called a zero-click attack.
Issue of Access
The NSO Group has maintained that it has sold the Pegasus software only to vetted and legitimate government agencies. This means that no private individual or corporation can get access to this software.
How Much Does It Actually Cost?
According to a commercial breakdown, NSO charges government agencies $650,000 to spy on 10 iPhone users; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee. One can pay for more targets.
Some Ways By Which You Can Minimise Risk
- Install reliable encryption software on your phone to keep your data safe. Use instant messaging software that has end-to-end encryption.
- Refrain from connecting your devices to public Wi-Fi networks, for example those in railway stations, cafes, shopping malls, etc. These networks are usually more susceptible to spyware attacks.
- Do not open links that look suspicious or links received from someone unknown. Avoid links that promise offers or gifts, especially those which are ‘too good to be true’. If you know the sender, ask them if they know about the source of the link and request them not to share it further.
- Keep a back-up of your important data in case it gets erased or corrupted.
- It is important to keep updating the existing apps on your phone, as app developers often identify and remove bugs in subsequent versions of the software. Update such apps from a trusted source, i.e. Google Play Store or the Apple Store, instead of a third-party download.
Needless to say, the Pegasus software is extremely advanced and there is a pressing need for oversight of its usage. In a situation where the cons clearly outweigh the pros, it is important that authorities take steps to protect an individual’s right to privacy against arbitrary monitoring, especially without sufficient grounds.
YLCC would like to thank Sachet Labroo for his valuable inputs to this article.