The Pegasus affair

1 62
Avatar for M3i
Written by
1 year ago
Topics: Security, Society, Tips

Pegasus is one of the prominent creatures in Greek mythology. It is a winged horse which has been reported to have aided Bellerophon in defeat of the dreaded Chimera and Perseus in his flight to Ethiopia to aid Andromeda. It is usually depicted in white. The choice of colour is by no means a coincidence as the creature always aided the hero or the cause of good irrespective of its origin story as there are several of such stories.

The Pegasus in this piece though doesn't have such a noble tale but rather more of a chequered past. Although its creators claim the best of intentions for its end use, the choice of those they have chosen to do business with speaks volumes. They market it as a tool intended to fight crime and terrorism but have not put checks in place to ensure it is not abused or misused for other purposes such as unlawful surveillance on citizens.

From activists to high ranking government officials, apparently no one is safe from being spied upon with the Pegasus spyware application which continues to gain more notoriety. The investigations that followed the gruesome murder of prominent Journalist Jamal Khassogi exposed the fact that UAE govt agents compromised Khassogi fiancee mobile device with the Pegasus spyware before his murder.

Although the chief executive of NSO group, the company behind the Pegasus software denied these claims, reports obtained from independent investigations by Journalists indicate otherwise. A more recent case of their software likely being used illicitly is that of the hacking of the devices of the Spanish Defense and Prime Minister where substantial amount of data was gleaned off their devices without their slightest suspicion that their devices had been compromised which is a trademark of the Pegasus spyware.

What exactly is the Pegasus spyware and its capabilities?

It is an advanced spyware tool which targets mobile devices created by an Israeli tech firm known as the NSO group whose employees have a background of being former members of the Israeli armed forces cyber division. It can remotely turn on microphones and camera turning such devices into listening posts or surveillance devices and download all data such as text messages and media from the infected devices without the user noticing while all this is going on. Whoever deploys the Pegasus app on infected devices can also eaves drop on the victim's calls.

In early or older versions of the spyware Infection was achieved on the targeted device when the user clicked links included in text messages and electronic mails. In more recent versions, the NSO group have upped the ante as the user does not need to interact with the message bearing the spyware payload which is termed as a zero click attack.

Photo Credit: BBC.com

According to an amnesty international report, the first reported cases of these zero click attacks began as far back as May, 2018 and continue till date. The report further stated that the most recent documented case of this type of attack was in July, 2021 on a fully patched iPhone 12 running iOS 14.6. These zero click attacks exploit vulnerabilities termed as Zero day vulnerabilities which OS makers are not aware of (and hence have not patched) to infiltrate Android and iOS devices.

For Android OS , WhatsApp has been documented to have been exploited in 2019 for this kind of attack which for iOS, the iMessages software has been reportedly compromised in the past to execute the attack. What is more worrisome is that the Pegasus payload once successfully delivered has root privileges which implies that it has more control of the device than its owner.

Hence theoretically, it has the potential to be used to lock out the user from the device. It could also send incriminating messages the user isn't aware of and this could serve as evidence against such individuals for criminal prosecution or worse still allegations of terrorism or links to terrorism depending on the content of such messages.

It is in the light of the above mentioned scenarios and other potential abuses of the software that the European data protection supervisor (EDPS) advocated for the banning of the software as it was being used to intrude and violate the privacy of citizens which is unlawful and unacceptable. This is especially true when there is no legal backing for such actions by law enforcement or security agencies.

4
$ 6.42
$ 6.42 from @TheRandomRewarder
Sponsors of M3i
empty
empty
empty
Avatar for M3i
Written by
1 year ago
Topics: Security, Society, Tips

Comments

Cool!

$ 0.00
1 year ago