There can be a fine line between malware and dubious applications, but NSO's spyware Pegasus is so far past that line that you can't even see it anymore.
We often hear of strains of distributed malware in third-party app stores, and sometimes they even make it past the gates and find them coming from official sources. What separates Pegasus from the rest is that it's likely the most advanced spyware ever identified in the wild. The reason is simple; it exploits zero-day vulnerabilities in popular applications such as WhatsApp, iMessage and FaceTime to infect smartphones.
The NSO Group has been around for half a decade and specializes in selling government-grade spyware to a select pool of customers such as governments and law enforcement agencies. They've always asserted that law agencies and other institutions use their software for legitimate reasons. However, it's challenging to find corroborating evidence since such agencies won't admit to buying or using spyware.
It turns out that people can protect their iOS and Android devices from Pegasus if they only take one extra step.
Imagine a world without privacy
Spyware is a category of malware that grants third parties access to private information, including photos, files messages and call records from apps that are supposedly safe from such interference. The applications targeted by Pegasus are some of the most secure communication apps in existence: WhatsApp, Facebook, Twitter, Skype and Gmail.
Operators wielding this spyware would also be able to take screenshots, exfiltrate photos and directly access the phone's camera and microphone. Since our smartphones are constantly at attention, attacks would have a 24/7 window into a target’s life.
The process of compromising a device begins with the exploitation of the software to circumvent the built-in safety features. Once the device has been “rooted” or “jailbroken”, an application can have unrestricted access to stored data and other apps running on the phone. However, the compromised mobile phone remains open to all types of attacks even after the government-sanctioned data collection program has finished.
Fortunately, there is still hope for people who use security solutions and take the precautions they need to guard their digital lives.
No one is safe from attack, but everyone can be protected
It is possible to protect our digital life by taking several common-sense measures that dramatically limit the success rate of a potential Pegasus attack:
- Install applications from legitimate sources only. Avoid installing apps sent as links over messaging platforms, as they may be compromised.
- Always install OS updates and security patches as soon as they become available. If you are planning to leave the country for a vacation or business trip, make sure that your device is fully patched before you leave your home. Most mobile phones don’t download bulky updates via 4G, particularly when roaming on a foreign network.
- Set a pin- or pattern-based lock screen to prevent unauthorized physical access to your device.
- Regularly check which apps have device administrator privileges on your device and revisit your security choices if needed.
It's easy to think we're all set if we have all these boxes checked. But attackers have been known to deploy zero-day vulnerabilities, which means they've managed to compromise fully patched and up-to-date devices.
This is also why you need a security solution to automate security decisions. Bitdefender Mobile Security app on iOS or Bitdefender Mobile Security for Android first identified the Pegasus spyware back in 2017 and, over the years, we have constantly improved detection to keep up with this ever-improving spyware framework.
While mobile platforms give the impression of heightened security, Pegasus is a stark reminder that, as long as your device connects to the internet, it will never be safe as-is. The need for security solutions is now more evident than ever.