Over the weekend, there’s been story after story about a company called NSO Group, and a piece of spyware called Pegasus. Some of the stories have been shocking, with allegations that fully updated smartphones can be hacked with a single text message.

A coalition of news outlets, including The Washington Post, Le Monde, and The Guardian, is behind the reporting, and they’re calling it the Pegasus Project. Amnesty International ran detailed forensics on 67 smartphones to look for evidence that they were targeted by Pegasus spyware — and 37 of those phones tested positive. But many crucial details still aren’t clear.

WHAT IS PEGASUS, AND WHO OR WHAT IS NSO GROUP?
Pegasus is spyware developed by a private contractor for use by government agencies. The program infects a target’s phone and sends back data, including photos, messages, and audio / video recordings. Pegasus’ developer, an Israeli company called NSO Group, says that the software can’t be traced back to the government using it — a crucial feature for clandestine operations.

In short, NSO Group makes products that let governments spy on citizens. The company describes the role of its products on its website as helping “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” during terrorism and criminal investigations.

WHO WAS BEING SPIED ON?
No one knows for sure. However, much of the reporting centers around a list containing 50,000 phone numbers, the purpose of which is unclear. The Pegasus Project analyzed the numbers on the list and linked over 1,000 of them to their owners. When it did so, it found people who should’ve been off-limits to governmental spying (based on the standards NSO says it holds its clients to): hundreds of politicians and government workers — including three presidents, 10 prime ministers, and a king — plus 189 journalists, and 85 human rights activists.

According to The Guardian, Amnesty ran its analysis on 67 phones connected to the numbers. It found that 37 of the phones had been at least targeted by Pegasus, and that 23 of those phones had been successfully hacked.

WHO ELSE IS ON THE LIST?
A Washington Post report details some of the highest-ranking officials with numbers on the list. According to an analysis done by the Post and other Pegasus Project members, the current presidents of France, Iraq, and South Africa were included, along with the current prime ministers of Pakistan, Egypt, and Morocco, seven former prime ministers, and the king of Morocco.

WHAT DOES PEGASUS DO?
According to The Washington Post, the spyware can steal private data from a phone, sending a target’s messages, passwords, contacts, photos, and more to whoever initiated the surveillance. It can reportedly even turn on the phone’s cameras or microphones to create covert recordings.

Recent versions of it have reportedly been able to do this without having to get the user to do anything — a link is sent to their phone, without a notification, and Pegasus starts collecting information. In other cases, Pegasus has reportedly relied on users to click phishing links that then deliver the Pegasus payload.

IT CAN DO ALL THAT ON IPHONES? WHAT ABOUT APPLE’S SECURITY AND PRIVACY?
In a statement to The Guardian, Apple didn’t deny NSO’s capability to exploit iPhones, instead saying that attacks like Pegasus are “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” thereby not affecting most Apple customers. Apple did say that it continues “to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Still, as The Washington Post points out, the fact that the iPhone could be so thoroughly compromised by a reportedly invisible message is unfortunate for a company that prides itself on security and privacy, one that put up “what happens on your iPhone, stays on your iPhone” billboards. Security researchers lay the blame on iMessage and its preview software — despite the protections that Apple has reportedly implemented recently to try to secure iMessage.

ARE ONLY IPHONES VULNERABLE?
No. A lot of the reporting focuses on iPhones, but that’s only because they’ve proven easier to analyze for signs of a Pegasus infection than Android phones have. Pegasus can, however, infect both. Both Apple and Google have commented on the situation, with Apple condemning attacks against journalists and activists, and Google saying that it warns users of attempted infiltrations, even those backed by governments.

HOW CAN I CHECK IF MY PHONE WAS COMPROMISED?
Amnesty International has actually released a tool that can be used for analysis, and you can read our guide on how to use it here:
https://www.theverge.com/2021/7/21/22587234/amnesty-international-nso-pegasus-spyware-detection-tool-ios-android-guide-windows-mac

Thanks again to The Verge
