Monday Jul 19, 2021
Israeli firm NSO's spyware Pegasus — which has been around since 2016 — has targeted several high-profile people across the globe through one of the most "sophisticated hacking tools", the Independent reported.
The spyware, which can target both Apple iOS and Android devices, can be used to record calls, copy and send messages, and even film people via phone cameras, the publication said.
The spyware has the ability to evade most forensic analysis, avoid detection by antivirus software, and be deactivated or removed by its operators inconspicuously, and has the potential to turn smartphones into 24-hour surveillance devices.
Pegasus links cellphones to command and control servers (C2s), computers or domains used to send commands to those devices and receive data from them, experts said.
To evade suspicion, the spyware keeps bandwidth consumption minimal and contacts the control servers only on a regular schedule.
"The C2 domains can, therefore, be used to confirm a Pegasus hack, by correlating the likely timeline of when a device may have been infected with the time stamps for different data on linked C2 servers," the publication said.
"For instance, one such forensic method used by Amnesty International is based on 'temporal correlation' between the first appearance of data in logs and phones' communication with known Pegasus installation servers," it said.
Indian digital rights activist Nikhil Pahwa took to Twitter to talk about the extent of control the software gives its operators.
“Not acting urgently on this critical public emergency threatens liberal democracy and human rights worldwide,” say experts.
Early versions of Pegasus required targets to click on malicious links, which quietly installed the software on their smartphones and monitored private data, including passwords, calls, texts, and emails.
The spyware has since advanced to "zero-click" exploits, which activate the software without the target having to open any link at all.
Due to the spyware's sophistication, it can hardly be detected on a person's phone, but thanks to Amnesty International's Forensic Methodology Report, we can look for the traces it leaves.
The report highlighted that initial traces were recorded on Safari's browsing history, but eventually, such suspicious redirects were found to take place in other apps as well, India Today reported.
The report mentions a whopping total of 700 Pegasus-related domains.
Another method of spotting Pegasus, as described in the report, is through the iOS "records of process executions" and "their respective network usage in two specific files".
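The two checks described above (indicator domains in browsing history, and process network-usage records correlated in time with that first contact) are sketched below as an added illustration; this is not Amnesty's MVT code, and the indicator domains, process names and log records are constructed placeholders, not real indicators.

```python
"""Temporal-correlation sketch: match browsing history against an indicator
list, then report which processes first appear shortly after each match."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed placeholder indicators (the .invalid TLD is reserved for
# examples); a real check would load a published IoC list instead.
INDICATOR_DOMAINS = {"ioc-one.invalid", "ioc-two.invalid"}

# Constructed Safari-history-style records: (ISO timestamp, URL).
SAFARI_HISTORY = [
    ("2021-07-01T09:15:00", "https://news.example.org/article"),
    ("2021-07-01T09:15:03", "https://ioc-one.invalid/redir?x=1"),
    ("2021-07-02T12:00:00", "https://mail.example.org/inbox"),
]

# Constructed process-network-usage records: (ISO timestamp, process, bytes).
PROCESS_NETWORK = [
    ("2021-07-01T09:00:00", "mailclient", 40_000),   # seen before the hit
    ("2021-07-01T09:15:05", "unknownproc", 12_000),  # first seen just after
    ("2021-07-01T09:16:00", "mailclient", 8_000),
]


def parse_ts(text):
    return datetime.fromisoformat(text)


def indicator_hits(history, indicators):
    """Return (timestamp, host) for every visit whose host is an indicator."""
    hits = []
    for ts, url in history:
        host = urlparse(url).hostname or ""
        if host in indicators:
            hits.append((parse_ts(ts), host))
    return hits


def correlate(hits, process_records, window=timedelta(minutes=5)):
    """For each hit, list processes whose FIRST network activity falls
    inside the window after the hit; long-running processes are ignored."""
    first_seen = {}
    for ts, proc, _ in process_records:
        t = parse_ts(ts)
        if proc not in first_seen or t < first_seen[proc]:
            first_seen[proc] = t
    report = []
    for hit_ts, host in hits:
        new_procs = sorted(p for p, t in first_seen.items()
                           if hit_ts <= t <= hit_ts + window)
        report.append({"indicator": host, "seen": hit_ts.isoformat(),
                       "new_processes_in_window": new_procs})
    return report
```

Run with the constructed data, the single indicator hit is paired with "unknownproc", which first appears two seconds after the redirect, while the long-running "mailclient" is correctly left out.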
However, a regular person cannot detect the spyware on their phones and only experts can do this, the publication said, adding that Amnesty would soon release its tools through which it had detected Pegasus.
Cybersecurity experts, according to India Today, said that the spyware cannot be completely removed from the device, as it could still remain on the phone despite a complete factory reset.
"Users can check for all the indicators of a compromise through Amnesty International's GitHub. In addition, the organisation has also released a modular tool, called Mobile Verification Toolkit (MVT) for such an analysis," the publication said.
If a cellphone user finds traces of Pegasus, they should either dispose of their phone or change the passwords of the applications and services they used on it.