‘Pegasus’ is the father of every software in spying, your phone will be hacked- Disclosures related to Pegasus spyware have increased the concern of users regarding privacy. The biggest tension is that Pegasus doesn’t use the old methods. It performs a ‘zero-click’ attack in which the phone operator does not need to do anything. Pegasus is the world’s most powerful spyware, it is almost impossible to detect. Let us understand how this software works and is there any effective way to avoid it or not.
What is Pegasus? Who made?
Pegasus was developed by Israeli cyber intelligence and security firm NSO Group. It is also known by names like Q Suite and Trident. This is the best spyware out there in the market. For this, Apple’s mobile operating system iOS and Android devices can be breached. According to the NSO Group website, the company creates technologies that can “help government agencies”. So that thousands of lives can be saved from terrorism and crime around the world.
Why is this spyware dangerous?
Guess how dangerous Pegasus can prove to be for its target, from the fact that Pegasus has more access to its phone than the user. The Guardian cited Amnesty International’s Claudio Guarnieri in its report. According to Claudio, who runs the security lab in Berlin, this spyware acquires ‘root level privileges’. This means that Pegasus can monitor everything on your phone. Be it messages or internet browsing, photos or store files… Pegasus has access to everything.
What is zero-click attack?
Spyware like Pegasus perform ‘zero click’ attacks. Meaning it does not require any human to do anything. You don’t have to click anywhere or browse anything. This spyware is installed automatically. In other words, even if you know how to avoid phishing attacks or know which link to click and which not, it makes no sense. Most such attacks target software that receives data without determining whether it is coming from a trusted location or not. such as an email client.
iOS or Android, took advantage of everyone’s flaws
In the same year, a cyber security firm named ZecOps claimed that there was a flaw in the iPhones and iPads that helped in such attacks. In November 2019, Google Project Zero security researcher Ian Beer showed that the iPhone can be completely captured without any user interaction. The graphics library of phones running Android 4.4 or higher was flawed. The attackers also took advantage of the flaw in WhatsApp. Now Amnesty is claiming that Pegasus has been breached even after these loopholes have been removed.
Is it possible to avoid zero-click attack?
It is very difficult to detect such attacks. Almost impossible to stop them. If there is encrypted data then it is more difficult because it does not know which data packets are being sent or received. Users can keep all their operating systems and software updated so that at least those vulnerabilities that have been identified can be fixed. Downloading apps from anywhere other than Google Play or Apple’s App Store also invites danger. With a little more care, you can stop using apps completely. Use the browser to access email and social media on the phone.
What happened two years ago?
In 2019, WhatsApp said that more than 1,400 of its users in 20 countries were targeted by Pegasus in May of that year. The company said that Pegasus took advantage of a vulnerability in the video calling system and sent malware to mobile devices. That shortcoming has now been patched and addressed. NSO reportedly first created fake WhatsApp accounts through which video calls were made later. When the user’s phone rang, the attacker transmitted the lethal code and the spyware was automatically installed on the phone. Even if the user has not picked up the call.