Keeping up with all the cybersecurity threats is no easy job. It’s not a coincidence that companies that deal with that sort of thing are so important. Every now and then, however, old threats resurface, like the Pegasus spyware that affects iOS devices — and many others. Here’s what you need to know about it, and how you can protect yourself.
What Is the Pegasus Spyware?
The Pegasus spyware was developed by the NSO Group, an Israeli company. The firm specializes in finding and exploiting security vulnerabilities in various apps, websites, and devices.
Usually, when individuals or organizations find security flaws in pieces of hardware or software, they report those to the developers. There’s a whole industry around that, called “ethical hacking”, which involves discovering vulnerabilities to claim bug bounty program rewards.
Who Created the Pegasus Spyware?

The NSO Group, however, profits from these vulnerabilities by keeping its discoveries secret. It creates software that uses these flaws for activities like accessing a locked device’s data or installing tracking apps. Pegasus is one such tool.
NSO’s founders are linked to secret service and military intelligence organizations. According to NSO, its products help fight crime and terrorism worldwide.
The company claims to only sell its tools, which include espionage, surveillance, and tracking software, to governments in democratic countries. The Pegasus spyware, however, is known to have been used against journalists and activists fighting authoritarian regimes. It has also targeted high-level European government officials and even US diplomats.
How Dangerous Is Pegasus?
The answer is both “it depends” and “a lot”. Here’s why.
Unless you’re a high-profile political figure, an investigative journalist, or a known activist, there’s little chance that Pegasus will target you. That’s because the tool is expensive to purchase and operate, so even authoritarian governments aren’t likely to deploy it indiscriminately. That doesn’t mean targeting political opponents and journalists isn’t objectionable, only that, for most people, Pegasus isn’t an immediate danger.
However, there’s a good reason the default practice when finding a vulnerability is reporting it to the people responsible. If these security flaws are not patched, criminals can use them to target basically anyone. Since the NSO Group doesn’t disclose how it breaches its targets’ devices, the flaws it relies on stay open, and others can misuse them. Even worse: there’s a chance these flaws are being actively exploited right now.
Since the Pegasus spyware is a rootkit that allows full control of iOS devices, you can imagine its damage potential. Kidnappers could track their victims in real time, thieves could empty someone’s bank accounts, and so on. Even terrorists could use these vulnerabilities to gain intel about highly confidential security practices and use it to plan attacks.
So, the Pegasus malware itself, as in the toolkit sold by the NSO Group, may not be dangerous. Or it wouldn’t be if it weren’t used to empower authoritarian regimes and persecute journalists. Even then, the security flaws discovered and exploited by the company, if left unpatched, can be extremely dangerous.
How To Protect Your iPhone From Malware
Thankfully, there are some ways you can find out if your iOS device has been infected by the Pegasus spyware. A couple of tools can detect the malware’s presence on a given device, but there are some drawbacks.
Firstly, not all of them are easy to use. The Mobile Verification Toolkit (MVT), developed by Amnesty International, requires command-line knowledge and forensic analysis expertise.
Developers of the popular backup utility iMazing have integrated MVT into their software, making the toolkit more user-friendly. While many iMazing features are paid, the developers decided to keep this one free.
Secondly, neither MVT nor iMazing can guarantee a device is free of highly specialized malware. You can be certain your iPhone has been infected if the tools detect the Pegasus spyware, but that’s it. If no breach is found, it may mean your device is clear. It may also mean, however, that it has been infected by newer or different malware that these tools can’t detect.
Lastly, even when iMazing or MVT successfully finds a Pegasus infection on iOS, it can’t remove it. The vulnerability exploited by the NSO Group is so severe that an infection resists even factory resets. There’s currently no known way to get rid of the Pegasus spyware other than discarding the infected device.
Keeping our devices safe is extremely important, although often more arduous than we’d like. While the Pegasus spyware may not be a major threat for many people, it’s important to maintain good cybersecurity practices. Among those, I recommend you scan your iPhone for viruses and keep a suite of security apps. You don’t want to risk your information — or worse, your bank funds — leaking away, right?