Think before you click or don’t click at all: Pegasus explained

By Vicky Nanjappa  |  First Published Nov 2, 2019, 5:11 PM IST

While the WhatsApp spyware row has been grabbing national headlines, it's important to know what Pegasus is, how it functions and how users can secure themselves against it.

The Indian government has sought an explanation from WhatsApp on the alleged surveillance of phones of some persons. The Facebook-owned messaging service said that it had shared information with the Indian government about the technical breach.

In a statement, WhatsApp said, "Our highest priority is the privacy and security of WhatsApp users. In May, we quickly resolved a security issue and notified relevant Indian and international government authorities. Since then we have worked to identify target users to ask the courts to hold the international spyware firm known as the NSO Group accountable."

Commenting on this, government sources said that the information was given, but there was no mention of Pegasus or the extent of the breach. The information spoke about a technical vulnerability, but never mentioned that the privacy of the Indian user had been compromised.

Further, officials from WhatsApp and the Indian government have met in the past few months. The incident of August was not informed and this is something that we would like to question them about, said a government source. The US and UK too have demanded an explanation and this cannot be a coincidence, the source also informed MyNation.

How does Pegasus work:

Kaspersky discussed Pegasus during its Security Analyst Summit, where it was said that the malware exists for both Android and iOS. Pegasus was discovered by Ahmad Mansoor, a UAE human rights activist, after he was targeted.

After receiving several messages, he found that they contained malicious links, following which he sent them to security experts at Citizen Lab, who in turn brought in another security firm, Lookout, for the investigation.

Had Mansoor clicked on the link, his phone would have been infected with the malware. The malware, according to Kaspersky, was called Pegasus, and it was even dubbed the most sophisticated attack ever seen on any endpoint.

Pegasus is attributed to NSO Group, an Israeli company, and is sold to anyone and everyone who is ready to pay for it. This is important considering that there were reports that NSO only works with government agencies.

Kaspersky says on its website that Pegasus relies on a whopping three zero-day vulnerabilities in iOS that allowed it to silently jailbreak the device and install surveillance software. Another cyber security firm, Zerodium, once offered $1 million for an iOS zero-day.

Pegasus is modular malware: after scanning the target device, it installs the modules needed to read the user's messages and mail, listen to calls, capture screenshots, log pressed keys, and exfiltrate browser history and contacts. It can also listen to audio streams and read encrypted audio messages.

Kaspersky says that the malware self-destructs if it is unable to communicate with its command and control server for more than 60 days. It also self-destructs if it is installed on the wrong device with the wrong SIM card.

Moving across platforms:

After the first version, a second one surfaced. Researchers at Lookout gave a talk about Pegasus for Android. Google calls it Chrysaor, and the Android version is similar to the iOS one.

Kaspersky explains that the Android version does not rely on zero-day vulnerabilities. It uses a rooting method called Framaroot. In the Android version, even if the malware fails to obtain the necessary root access, it still tries asking the user directly for the permissions needed to exfiltrate at least some of the data.

While Google has claimed that only a few Android devices have been infected, Pegasus for Android has been observed in Israel, Georgia, Mexico, Turkey, Kenya, Nigeria and UAE.

How to secure yourself from Pegasus:

When Pegasus was discovered, Apple issued iOS security update 9.3.5, which patched all three of the vulnerabilities. Google, on the other hand, said that if you have updated your OS to the latest software version and have not received any warning message from Google, you are probably safe and not vulnerable to Pegasus.

Kaspersky provides three tips on how to stay as safe as possible:

  • Install a good security solution on each device. There are none for Apple, but it is hoped that Apple will rethink its policy.
  • Update devices on time and pay special attention to security updates.
  • If you receive a link from an unknown source, do not click on it automatically. Think before you click or don’t click at all.
