How does Pegasus spyware infect your phone?
There’s nothing particularly complicated about it
How did they do it?
There’s nothing particularly complicated about how the Pegasus spyware infects the phones of victims. The initial hack can involve a crafted SMS or iMessage that provides a link to a website. If clicked, this link delivers malicious software that compromises the device.
The aim is to seize full control of the mobile device’s operating system, either by rooting (on Android devices) or jailbreaking (on Apple iOS devices).
Usually,rootingon an Android device is done by the user to install applications and games from non-supported app stores, or re-enable a functionality that was disabled by the manufacturer.
Similarly, ajailbreakcan be deployed on Apple devices to allow the installation of apps not available on the Apple App Store, or to unlock the phone for use on alternative cellular networks. Many jailbreak approaches require the phone to be connected to a computer each time it’s turned on (referred to as a “tethered jailbreak”).
Rooting and jailbreaking both remove the security controls embedded in Android or iOS operating systems. They are typically a combination of configuration changes and a “hack” of core elements of the operating system to run modified code.
In the case of spyware, once a device is unlocked, the perpetrator can deploy further software to secure remote access to the device’s data and functions. This user is likely to remain completely unaware.
Most media reports on Pegasus relate to the compromise of Apple devices. The spyware infects Android devices too, butisn’t as effectiveas it relies on a rooting technique that isn’t 100% reliable. When the initial infection attempt fails, the spyware supposedly prompts the user to grant relevant permissions so it can be deployed effectively.
But aren’t Apple devices more secure?
Apple devices aregenerally considered more securethan their Android equivalents, but neither type of device is 100% secure.
Apple applies a high level of control to the code of its operating system, as well as apps offered through its app store. This creates a closed-system often referred to as “security by obscurity”. Apple also exercises complete control over when updates are rolled out, which are then quicklyadopted by users.
Apple devices are frequently updated to the latest iOS version via automatic patch installation. This helps improve security and also increases the value of finding a workable compromise to the latest iOS version, as the new one will be used on a large proportion of devices globally.
On the other hand, Android devices are based on open-source concepts, so hardware manufacturers canadapt the operating systemto add additional features or optimize performance. We typically see a large number of Android devices running a variety of versions — inevitably resulting in some unpatched and insecure devices (which is advantageous for cybercriminals).
Ultimately, both platforms are vulnerable to compromise. The key factors are convenience and motivation. While developing an iOS malware tool requires greater investment in time, effort and money, having many devices running an identical environment means there is a greater chance of success at a significant scale.
While many Android devices will likely be vulnerable to compromise, the diversity of hardware and software makes it more difficult to deploy a single malicious tool to a wide user base.
How can I tell if I’m being monitored?
While the leak of more than 50,000 allegedly monitored phone numbers seems like a lot, it’s unlikely the Pegasus spyware has been used to monitor anyone who isn’t publicly prominent or politically active.
It is in the very nature of spyware to remain covert and undetected on a device. That said, there are mechanisms in place to show whether your device has been compromised.
The (relatively) easy way to determine this is to use theAmnesty International Mobile Verification Toolkit (MVT). This tool can run under either Linux or MacOS and can examine the files and configuration of your mobile device by analyzing a backup taken from the phone.
While the analysis won’t confirm or disprove whether a device is compromised, it detects “indicators of compromise” which can provide evidence of infection.
In particular, the tool can detect the presence of specificsoftware (processes)running on the device, as well as a range ofdomainsused as part of the global infrastructure supporting a spyware network.
What can I do to be better protected?
Although most people are unlikely to be targeted by this type of attack, there are still simple steps you can take to minimize your potential exposure — not only to Pegasus but to other malicious attacks too.
1)Only open links from known and trusted contacts and sources when using your device. Pegasus is deployed to Apple devices through an iMessage link. And this is is the same technique used bymany cybercriminalsfor both malware distribution and less technical scams. The same advice applies to links sent via email or other messaging applications.
2)Make sure your device is updated with any relevant patches and upgrades. While having a standardized version of an operating system creates a stable base for attackers to target, it’s still yourbest defense.
If you use Android, don’t rely on notifications for new versions of the operating system. Check for the latest version yourself, as your device’s manufacturermay not be providing updates.
3)Although it may sound obvious, you should limit physical access to your phone. Do this by enabling pin, finger or face-locking on the device. TheeSafety Commissioner’s websitehas a range of videos explaining how to configure your device securely.
4)Avoid public and free WiFi services (including hotels), especially when accessing sensitive information. The use of a VPN is a good solution when you need to use such networks.
5)Encrypt your device dataand enableremote-wipe featureswhere available. If your device is lost or stolen, you will have some reassurance your data can remain safe.
Article byPaul Haskell-Dowland, Associate Dean (Computing and Security),Edith Cowan UniversityandRoberto Musotto, Research fellow,Edith Cowan University
This article is republished fromThe Conversationunder a Creative Commons license. Read theoriginal article.
Story byThe Conversation
An independent news and commentary website produced by academics and journalists.An independent news and commentary website produced by academics and journalists.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
