Pegasus, the spy program that hacked journalists, politicians and celebrities

Although Pegasus has made headlines for allegedly spying on politicians in Europe, this is nothing new. A real scandal broke out when 17 international media outlets discovered that the software was used to monitor 37 smartphones belonging to human rights activists and journalists.

In July 2021, a research initiative called Project Pegasus, along with an in-depth analysis by the human rights group Amnesty International, found that Pegasus had been used on a large scale against high-profile targets around the world.

According to the BBC, more than 1,000 people in more than 50 countries could have been affected by Pegasus. And thanks to Kim Zatter via Twitter, you can learn that there is a list of about 50,000 phone numbers believed to be from interest to NSO Group customers that has been leaked to the media.

How Pegasus works and how it affects iOS users

Pegasus is a spyware software (spyware) for iOS, the iPhone operating system, designed and developed by an Israeli private security company called NSO Group. A development that, in principle, is only offered to the governments, forces and security forces of the State. There is a version for Android, but the attack method is different.

What makes Pegasus so dangerous is that it can be installed and run on all iOS devices up to version 14.6, and does not require the intervention of the victim for its installation and execution, becoming invisible and untraceable with the naked eye. Spyware can take control of iPhone in the following ways:

- By clicking on a link on a website viewed from Safari

- By using any of the system applications such as Photos, Notes, Apple Music or iMessage .

Once Pegasus takes control of the victim's iPhone, it's invisible. You can obtain and steal information from contacts, call inventory, messages, photos, browsing history, certificates, system settings, and monitor applications.

This allows the aggressor to compile messages from third-party mail apps, such as WhatsApp content and messages, Gmail, Facebook, Telegram, etc. Also, as if it were an effigy of spies, it can intercept calls and messages, make audio recordings and get all the information from iPhone or Android phone remotely.

In addition, it is untraceable to the destination; that is, you cannot know for sure who is behind the malware. In fact, this dependence is one of the great demands of NSO Group, especially on the flourishing of clandestine activities.

Methods to detect if an iPhone is infected with Pegasus

If an iPhone user wants to rest assured, there are some ways to check if the terminal has been infected with Pegasus. Amnesty International has developed a tool to identify this malware called MVT (Mobile Verification Toolkit), whose source code is available on GitHub.

The only thing to keep in mind is that MVT is not a plug-and-play software (technology that allows a computing device to be connected to a computer without having to be configured), nor are there any easy ways to install and run it. It has to be compiled for a specific device, which makes it difficult to access.

MTV cannot scan the device directly, so before starting the process, it is necessary to make a full backup of the system on the computer - that is, MVT actually checks the iOS or Android backup, not the smartphone itself.

However, there are some third-party tools that make the process a little easier. The iMazing app includes Pegasus detection as a free feature. The application uses the MVT kit. Instructions and download are available here.

KEEP READING