Everything You Need To Know About The NSO Pegasus Spyware

Over the last couple of weeks, there have been stories about the NSO Group, and the Pegasus Spyware. There are allegations that the NSO Group’s Pegasus spyware can successfully hack a smartphone through a text message. A lot of people have been targeted with the Pegasus spyware including two women who were close to the murdered journalist Jamal Khashoggi. 

The potential hacking power of the Pegasus Spyware has made many call it the “ultimate spyware.” Others have also viewed it as “the most sophisticated” smartphone attack. 

Amnesty International found 67 smartphones allegedly targeted by the Pegasus spyware and conducted a forensic test. The results show that 37 smartphones were targeted with spyware, out of which 23 were successfully hacked. Although there’s still more information to gather, here’s all you need to know about the NSO Pegasus Spyware.

What Is The NSO Group, and What is Pegasus?

NSO Group is an Israeli tech company that makes products to allow the government to spy on specific citizens. It was founded in 2010 and has over 500 employees. According to the group, the role of its spyware is to help “government intelligence and law-enforcement agencies use technology to meet the challenges of encryption” especially during investigations. 

However, businesses and civil corporations are not pleased with the spyware, as it can affect business-to-government relationships and invade one’s privacy. 

Pegasus is spyware developed by the NSO Group. The spyware infects targeted phones and sends back every possible data, including audio messages, photos, SMS, and other data. According to the NSO Group, the program is untraceable to the government because it uses clandestine operations. 

Brief Origin of The NSO Pegasus Spyware

The Pegasus Spyware was originally created to fight global terrorism. Its name ‘Pegasus’ was derived from the Trojan horse and implies that the spyware can be flown into different smartphones. 

The origin of Pegasus is traced to 2013, where it was used in the U.A.E. Although the spyware is just getting a lot of recognition, it has been reportedly used in over 40 countries of the world, including Israel, Mexico, the USA, India, and others.

The NSO Group had earlier told The Washington Post that it only releases its products to governmental agencies and ends the relationship with the agency if there is evidence of abuse of the Pegasus spyware. However, in 2019, there were suspicions that Pegasus was getting data from some Whatsapp communications in India. 

Recently, Amnesty International raised concerns that the NSO Group may be giving oppressive government agencies access to the Pegasus spyware. Hence, causing an unjust violation of privacy rights. By July 2021, Amnesty International conducted an investigation and reported that the Pegasus spyware had indeed been misused. 

How The NSO Pegasus Works

From the moment the Pegasus infects a smartphone, it can steal any data. The spyware can be installed through various means. One major method is through clicking the link often sent through SMS or iMessage. Once the link is clicked, it compromises the device with the spyware. 

There is also the zero-click attack method, where the spyware can take control of the device just by receiving the link through iMessage. The flaws of the iMessage service can be used in carrying out such attacks. 

A lot of reports from the media focus on the attacks on Apple devices, however, Android phones can be attacked. For Android devices, an attack is unleashed when a user installs an app from an unsupported app store on Android devices. If the spyware doesn’t install instantly, it will ask the user to grant permission to certain information, including SMS, contacts, call history, microphone, GPS, emails, browsing histories, and others. Once permission is granted, every piece of information on such a device will be harnessed. 

There are other ways Peagaus can be installed on a device, including manual installation when a device is unlocked. The sad part about the Pegasus is that it is almost impossible to know when it is on a device. The device needs to be scanned in a digital security lab before it is detected. 

NSO Pegasus Targeted Groups

Based on the information in reporting centers, about 50,000 phone numbers have been targeted for the Pegasus project. When the phone numbers were analyzed, it was discovered that some belonged to people that should have been kept off-limits, based on the NSO Group mandate. It includes 3 presidents, 189 journalists, 85 human rights activists, and a king. 

Conclusion

The NSO Pegasus Spyware was initially created to help government agencies in crime and terrorism investigation. However, there are reports that the Pegasus spyware is being misused by government agencies, for unknown reasons. Although the investigation is still ongoing on the Pegasus spyware, companies and individuals are urged to take cybersecurity seriously.