For several days continuously, the media has been reporting about CBA’s purchase of powerful surveillance tool. In the interview for “Polska i świat” magazine, a deputy prime minister Jacek Sasin convinces that “righteous citizens who do not hide anything, have nothing to fear”. Is it the case?
A malware named Pegasus was created in 2010 by the Israeli company NSO Group, which is engaged in guaranteeing the safety of cyberspace.
It is a spyware capable of hacking devices despite the operating system (iOS or Android). Pegasus can capture the following data: text messages, e-mails, security keys, audio-records or information from installed apps (a.i. WhatsApp, Instagram, Facebook). Besides, the program records conversations and video chats as well as take screenshots.
The Pegasus attack begins with a simple phishing scheme: the program identifies its target, then the URL address of the harmful site is sent to the device. The website can be sent via e-mail, social media or text message.
In iOS’ devices case, the malware launches “the zero-day attack” when the user clicks on the link. The program executes so-called “jailbreak” (removing software restrictions) and thereby the spyware can be installed.
The browser closes as soon as the dangerous link is opened and it is the only indication that something bad happened (the new processes have launched on the phone).
Shortly after Pegasus installs on the device, it begins to contact the operator’s servers to receive and execute commands. Malicious code in its software runs processes that track the activity of the user.
What is more, it collects data and informs about the phone user’s actions. It can also share a call history, messages, and registry from applications such as Facebook, Facetime, Gmail, WhatsApp, Tango, Viber and Skype.
As the plblog.kaspersky.com page informs:“Pegasus did not use vulnerabilities of the zero-day for Android operating system, instead it applied by a well-known method that grants root permission (via Framaroot program).”
The entire attack was a failure if the iOS version of Pegasus could not crack the security of the device. It differs in the Android version – even if the malware does not grant itself root or superuser permission so that it installs the program, it asks the user to grant it. Thanks to them, it will be able to extract at least part of the data.
According to the Google company, dozens of Android devices was a victim of the attack, but considering it was a targeted, spy cyber-attack, such data is disturbing.
Who benefits from Pegasus
Ordinary criminals can be excluded as Pegasus users. This can be explained in a very simple way – it is a powerful tool, not sold to a random person. According to the NSO Group, the company’s customers are only countries.
What the Israeli company announces may not be entirely true; they claimed that Troian has embedded software that disallows it to run in the US. But in 2018, Citizen Lab revealed that the victims were found in the United States.
Taking all into account, journalists’ reports from the TVN24 program “Czarno na białym” can be terrifying (although the Central Anti-Corruption Bureau statement of September 4, 2019, says that the purchase of such a system did not take place).
Following steps can protect you
So can we sleep peacefully because of the information provided in the statement? Not altogether. The very fact that Pegasus exists, makes us aware that malware programs reached a very high level of development.
There are many serious threats in cyberspace. Here are some easy steps that can save you from danger:
Remember to update your smartphone, never postpone it (especially patch updates);
Do not click on links that you receive from unknown sources, and certainly do not do it mechanically. A moment of consideration can save you from the potential phishing and any other targeted attacks;
Think many times before you install anything on your phone, especially the WhatsApp application. There had been reports from “Financial Times”, that WhatsApp messenger had a vulnerability that allows a hacker to install NSO Pegasus spyware on the devices via one call;
Install a reliable security program like Usecrypt Messenger. Why this one in particular?
Usecrypt is the only communicator that checks if your phone was hacked.
The application checks if the phone is vulnerable to the attack, it does not allow malware to take screenshots (attackers will only see black screen), and checks if the processes such as “jailbreak” for iOS or “gain root permission” for Android take place.
Each time the Usecrypt launch, it checks if its the only program with the access to the microphone, camera, and speaker.
As the only application, it determines the security status of the device and decides whether a call can be made or files transferred. If the program detects that the device may a victim of attack, the smartphone user will receive a message about the increased risk of using a particular application.
Moreover, if it detects questionable software, it will not launch.
In that way, Usecrypt Messenger secures your device from threats such as capturing your calls, messages, video chats or photos by the third party.
Collaboration: Adam Goliszek, iMe