Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

How to Search for, Spot and Stamp Out Pegasus Spyware From Your Phone

How to Search for, Spot and Stamp Out Pegasus Spyware From Your Phone

The powerful Israeli military-grade spyware made international headlines on Sunday, when media investigations discovered that at least 50,000 people across more than a dozen nations had their cellphones targeted in sophisticated hack attacks that stole information and turned devices into mobile bugs.

Governments, journalists, opposition politicians and rights groups worldwide are demanding a formal inquiry into Pegasus, the spyware product created by shadowy Israeli software company NSO Group. Sold to states to ‘fight terrorism and crime’, the software has been discovered to have been used in unscrupulous ways to target members of the press, lawmakers and others, helping to stamp out dissent or allow governments to get ahead of potentially embarrassing scandals.

How It Works


Pegasus is not your typical one-click piece of malware which requires user interaction – usually by following on a malicious link - to get access to a device. Instead, the spyware infects phones through a so-called zero-click attack, which needs no interaction from the user and simply installs itself and starts harvesting data.

Once installed, the spyware, which is compatible with both Android and Apple iOS, can gain access to all manner of data on a user’s phone, from contacts and encrypted messages to call records, photos, and GPS location data. What’s more, it’s capable of turning microphones and cameras on or off remotely, thus turning the user’s device into a mobile listening or viewing device.

To conceal its presence, Pegasus minimises bandwidth consumption to avoid draining the battery and raising user suspicions. Instead, it sends regular scheduled updates to command and control servers (C2s) – the computers or domains used by whoever is doing the spying. Unfortunately, the spyware is also impervious to commercially available antivirus software.

How to Check for Pegasus?


The spyware’s inconspicuous nature, its zero-click installation, and imperviousness to antiviruses makes it virtually impossible for phone owners to detect its presence simply by observing their device.

There’s hope, however. Because the software connects to the aforementioned C2s, a search to determine whether or not a phone communicated with known Pegasus installation servers can theoretically detect whether the malware is present.

Amnesty International, the London-based human rights organisation that helped media blow the lid off the extent of Pegasus’ spread in this weekend’s reporting, identified compromised iPhone devices by studying the records of process executions and network usage performed the phones’ database files - datausage.sqlite and netusage.sqlite.

Amnesty’s analysis found a total of 45 suspicious process names in their analysis, with Citizen Lab, a University of Toronto-based software developer working to protect citizens against surveillance, matching 28 of these processes in their own independently conducted inquiry.

Technology giants such as Apple, and app-makers such as Facebook’s WhatsApp, haven't simply been sitting on their hands while Pegasus runs amok on their devices and software since the spyware was first discovered in 2016, and have sought to close security breaches once they are found. This is one reason NSO Group has worked to develop new versions of its spyware. Unfortunately, the Israeli spyware giant appears to have remained one step ahead of companies such as Apple for the moment, with Citizen Lab research fellow Bill Marczak reporting on Monday that the latest version of iOS, version 14.6, is still vulnerable to Pegasus’ zero-click attacks.


Users can independently scan their phones for signs that their device has been compromised using Amnesty’s ‘indicator of compromise’ (IoC) toolkit. The software, formally known as the ‘Mobile Verification Toolkit’ or MVT, works with both iOS and Android, and is available for download here.

In its current form, the software is not an easy-to-use experience, has no graphical user interface, and installs on phones’ command line, meaning that basic knowledge of basic coding is needed (details here). The toolkit also requires the download and installation of dependencies to operate.

Once installed, the software allows users to create a backup of their device, check backup files, including artefacts from iTunes’ proprietary backup system, if applicable, extract artefacts from filesystem dumps, and compare stored data with known indicators of compromise. The Android version of the software, which Amnesty says is less fleshed out because of Pegasus’ greater prevalence on iOS devices, includes the ability to check for the download of non-safelisted APKs (apps), and to search for backups for text messages with links to the roughly 700 known NSO domains (Amnesty says this list will be continually updated).

TechCrunch contributor Zack Whittaker tested out the toolkit on an iPhone, and reported that it takes about 10 minutes to get it up and running, plus the time it takes to back up the phone, which is necessary to decrypt locally stored files. The scan itself takes just one to two minutes, and lists possible signs of compromise in the outputted files.

You’ve Got Pegasus – What Now?


Tech experts don’t make it explicitly clear what can be done if Pegasus is found on a device. In a 2019 study, Citizen Lab found that in the case of Android devices, the malware can survive a factory reset on some phones, meaning that the only way to be sure you’re not infected is to get a new phone.

It’s not clear whether NSO Group’s software can survive a hard reset on iOS devices, with Apple tech support reluctant even to admit that its advanced “sandboxed iOS architecture” can be compromised, and recommending software updates to deal with the problem (they don't).

Tech specialists don’t mention it, but another possible way to reduce exposure to Pegasus is to reduce one’s exposure to the digital world.

Journalists, activists, politicians and others who feel vulnerable can do so by using landlines or simple button phones with no internet capabilities for Pegasus to exploit, by engaging in face-to-face meetings instead of voice and text message conversations, using analogue or simple digital voice recorders, etc. If giving up your smartphone is not an option, there’s always the alternative of using a non-Android, non-iOS smartphone, which may be less vulnerable to the Israeli spyware by virtue of its more limited user base.

None of these techniques can guarantee that whoever may be monitoring you illegally won’t be able to do so, but it will at least require a greater effort on their behalf to do so.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Vatican hosts first Catholic LGBTQ pilgrimage
Apple Unveils iPhone 17 Series, iPhone Air, Apple Watch 11 and More at 'Awe Dropping' Event
France joins Eurozone’s ‘periphery’ as turmoil deepens, say investors
France Faces New Political Crisis, again, as Prime Minister Bayrou Pushed Out
Nayib Bukele Points Out Belgian Hypocrisy as Brussels Considers Sending Army into the Streets
France, at an Impasse, Heads Toward Another Government Collapse
The Country That Got Too Rich? Public Spending Dominates Norway Election
EU Proposes Phasing Out Russian Oil and Gas by End of 2027 to End Energy Dependence
More Than 150,000 Followers for a Fictional Character: The New Influencers Are AI Creations
EU Prepares for War
Trump Threatens Retaliatory Tariffs After EU Imposes €2.95 Billion Fine on Google
Tesla Board Proposes Unprecedented One-Trillion-Dollar Performance Package for Elon Musk
Gold Could Reach Nearly $5,000 if Fed Independence Is Undermined, Goldman Sachs Warns
Uruguay, Colombia and Paraguay Secure Places at 2026 World Cup
Trump Administration Advances Plans to Rebrand Pentagon as Department of War Instead of the Fake Term Department of Defense
Big Tech Executives Laud Trump at White House Dinner, Unveil Massive U.S. Investments
Tether Expands into Gold Sector with Profit-Driven Diversification
‘Looks Like a Wig’: Online Users Express Concern Over Kate Middleton
Florida’s Vaccine Revolution: DeSantis Declares War on Mandates
Trump’s New War – and the ‘Drug Tyrant’ Fearing Invasion: ‘1,200 Missiles Aimed at Us’
"The Situation Has Never Been This Bad": The Fall of PepsiCo
At the Parade in China: Laser Weapons, 'Eagle Strike,' and a Missile Capable of 'Striking Anywhere in the World'
The Fashion Designer Who Became an Italian Symbol: Giorgio Armani Has Died at 91
Putin Celebrates ‘Unprecedentedly High’ Ties with China as Gazprom Seals Power of Siberia-2 Deal
China Unveils New Weapons in Grand Military Parade as Xi Hosts Putin and Kim
Rapper Cardi B Cleared of Liability in Los Angeles Civil Assault Trial
Google Avoids Break-Up in U.S. Antitrust Case as Stocks Rise
Couple celebrates 80th wedding anniversary at assisted living facility in Lancaster
Information Warfare in the Age of AI: How Language Models Become Targets and Tools
The White House on LinkedIn Has Changed Their Profile Picture to Donald Trump
"Insulted the Prophet Muhammad": Woman Burned Alive by Angry Mob in Niger State, Nigeria
Trump Responds to Death Rumors – Announces 'Missile City'
Druzhba Pipeline Incident Sparks Geopolitical Tensions
Cost of Opposition Leader Péter Magyar's Economic Plan Revealed
Germany in Turmoil: Ukrainian Teenage Girl Pushed to Death by Illegal Iraqi Migrant
United Krack down on human rights: Graham Linehan Arrested at Heathrow Over Three X Posts, Hospitalised, Released on Bail with Posting Ban
Asian and Middle Eastern Investors Avoid US Markets
Ray Dalio Warns of US Shift to Autocracy
Eurozone Inflation Rises to 2.1% in August
Russia and China Sign New Gas Pipeline Deal
Von der Leyen's Plane Hit by Suspected Russian GPS Interference in an Incident Believed to Be Caused by Russia or by Pro-Peace or by Anti-Corruption European Activists
China's Robotics Industry Fuels Export Surge
Suntory Chairman Resigns After Police Probe
Gold Price Hits New All-Time Record
UK Fintechs Explore Buying US Banks
Greece Suspends 5% of Schools as Birth Rate Drops
Apollo to Launch $5 Billion Sports Investment Vehicle
Bolsonaro Trial Nears Close Amid US-Brazil Tension
European Banks Push for Lower Cross-Border Barriers
Poland's Offshore Wind Sector Attracts Investors
×