How does the Pegasus spyware that is used to hack the phones of journalists, officials and activists work?
Pegasus can hack phones without the user’s knowledge, read their messages, track the location, access the cell phone’s camera and microphone, take screenshots and review browsing history. Its factory is Israeli and can only be purchased by governments and state security agencies.
Pegasus is a type of malware that collects information from a device and then shares it with third parties without the consent or knowledge of its owner. It was created by NSO Technologies, an Israeli technology company founded in 2010, allegedly to hunt down terrorists and criminals.
A journalistic investigation published a few weeks ago details that this spyware, which can only be purchased by governments and state security agencies, has been used to hack the phones of journalists, human rights activists and government officials.
A 2019 Financial Times publication notes that NSO Technologies has assured its clients that it is able to pull all of a person’s data from the clouds of Apple, Google, Facebook, Amazon and Microsoft.
The Israeli company denied media reports that its Pegasus program is linked to mass surveillance by journalists and human rights defenders. It has stated that it does not operate licensed spyware for its customers and that it has “no knowledge” of the specific intelligence activities performed by the purchasers.
Read also: Apple sues Israeli company Pegasus for spyware for hacking iPhones
Jerome Belloa, a cybersecurity expert at consultancy firm Wavestone, said in an interview with AFP that the Despite the fact that phone security has been enhanced over time, and many instant messages contain encrypted applications, there is always an interest in having specialists look for vulnerabilities.d, and this is where spyware makes its way at millionaire costs to those who obtain their licenses.
Pegasus can hack cell phones without the user’s knowledge, allowing customers to read all messages, track a user’s location, access the cell phone’s camera and microphone on and off, take screenshots, and review the browsing history on the device.
According to research by AI, Pegasus is designed to evade defenses on iPhone and Android devices and leave little trace of its attack. Passwords or encryption codes are not enough for Pegasus which, on the contrary, can attack phones without giving any warning to users.
The attack can start in different ways. It could come from a malicious link in an SMS or iMessage. In some cases, the user has to click on the link to start the infection,” the Washington Post reports.
Experts point out that in recent years, spyware companies have developed “no-click” attacks, which spread spyware simply by sending a message to the phone and users don’t even have to touch their phone for it to be activated.
This type of software is considered an attack cybersecurity product, and according to data from NSO Technologies, it is the Israeli Ministry of Defense that should authorize the sale of Pagasus licenses to third countries.
“These sophisticated means of espionage were intended for countries with very high financial capabilities, which allowed them to develop attack tools for use within a well-defined framework,” said Biloa.
What’s more: Pegasus case: Spyware sees “everything that appears on the screen” of the phone
The expert adds that the subscription to this type of benefit is several million dollars per year and is limited to the number of people to spy, but today private companies provide these spy tools to many countries, which reduces costs and increases the accessibility of cyber-attacks. And easy to perform.