(This story was first published on 31 October 2019 and has been republished from The Quint's archives after publication of reports under the 'Pegasus Project', revealing how journalists, political leaders, activists and others may have been spied upon by the Israeli-made spyware Pegasus.)
WhatsApp might tout itself as a secure platform, but even that hasn’t helped its users from being attacked by the Pegasus spyware said to have been developed by an Israeli cyber technology firm.
A report in The Indian Express says the attack seems to have been targeted towards journalists, lawyers, Dalit activists, and at least two dozen academics. Chances are there could be more.
Pegasus is believed to allow anyone access to your phone’s files, messages, images. Basically, everything!
So, is there a way to know whether you have been affected by Pegasus? What happens if you have been compromised? We explain.
Here’s How You Can Tell If Your Phone Has Pegasus Israeli Spyware
1. What is Pegasus Spyware?
Developed by NSO Group Technologies, an Israeli technology cybersecurity firm, Pegasus is a program that allows the controller (a person who has injected the spyware) access to the infected smartphone’s microphone, camera and one can even gain access to messages, emails, and collect location data too.
As per a Kaspersky report, Pegasus even allows you to listen to encrypted audio streams and read encrypted messages. Basically, the hacker has access to the entire phone.
As per the NSO Group, the program has been sold only to vetted government agencies and is intended to fight against terrorism and crime.
The Kaspersky report also mentions that Pegasus was discovered in 2017 thanks to Ahmed Mansoor, a UAE human rights activist, who happened to be one of its targets.
He received several SMSs which he believed to contain malicious links and then took his phone to cybersecurity experts from Citizen Lab who, with the help of another cybersecurity firm Lookout, found it to be spyware (later dubbed Pegasus).
However, the origin of the spyware can be traced back to 2016. It affects both Android and iOS devices.
Expand2. How Do You Know If You Have Been Affected?
Pegasus spyware is nearly impossible to detect. As per a report in Financial Times, a phone can be infected with Pegasus just by calling it via WhatsApp. The user doesn’t even have to pick up the call and the phone will still get infected. You can also send it via email and SMS.
Pegasus is a sophisticated spyware which has some anti-forensic and self-destruct features. This makes it difficult to detect. Even if it is uninstalled later, it doesn’t leave any traces and there is no way to tell whether the device was affected.
Your phone does not show any lags or visible signs when it has been infected by Pegasus.
Since WhatsApp has filed a lawsuit against NSO Group, it has also come to light that the Facebook-owned messaging platform has information about the affected users although it hasn’t confirmed exactly how many users have been affected.
Also, WhatsApp has been sending alert messages to the list of affected users asking them to update to the latest version of the app. Till now, the message from WhatsApp is the only visible indicator that tells you whether your phone has been affected.
Also, WhatsApp has been sending alert messages to the list of affected users asking them to update to the latest version of the app. Till now, the message from WhatsApp is the only visible indicator that tells you whether your phone has been affected.
Citizen Lab is also sending alert messages to affected users.
If you want to be absolutely sure whether your phone has been compromised or not, it’s best to consult a cybersecurity expert.
Expand3. Does it Affect Other Apps?
Pegasus allows the controller to access the phone’s mic and camera, but nowhere does it mention that it can affect other applications.
Yes, the controller can have access to files, images and even read encrypted messages and emails, but there is uncertainty as to whether it allows them to manipulate other applications on the phone.
It also allows access to the location data of the user and one can also read screenshots and typing feedback logs. This way the controller can know what passwords you are using to access different websites and even banking applications.
To add to the above, it also provides access to contact details, browsing history, microphone recordings, and even retrieved files.
Expand4. What to Do If Your Phone Is Affected by Pegasus?
Many security experts and analysts have said that the only way to get completely rid of Pegasus is to discard the phone that has been affected.
Once you have replaced the device, ensure that all the apps that you install are up-to-date and have the latest software version.
According to Citizen Lab, even a Factory Data Reset of the phone doesn’t get rid of the Pegasus spyware. It lets attackers continue to access your online accounts even after your device is no longer infected.
In order to ensure your online accounts are safe, you should also change the passwords of all the cloud-based applications and services that you were using on the infected device.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)
Expand
What is Pegasus Spyware?
Developed by NSO Group Technologies, an Israeli technology cybersecurity firm, Pegasus is a program that allows the controller (a person who has injected the spyware) access to the infected smartphone’s microphone, camera and one can even gain access to messages, emails, and collect location data too.
As per a Kaspersky report, Pegasus even allows you to listen to encrypted audio streams and read encrypted messages. Basically, the hacker has access to the entire phone.
As per the NSO Group, the program has been sold only to vetted government agencies and is intended to fight against terrorism and crime.
The Kaspersky report also mentions that Pegasus was discovered in 2017 thanks to Ahmed Mansoor, a UAE human rights activist, who happened to be one of its targets.
He received several SMSs which he believed to contain malicious links and then took his phone to cybersecurity experts from Citizen Lab who, with the help of another cybersecurity firm Lookout, found it to be spyware (later dubbed Pegasus).
However, the origin of the spyware can be traced back to 2016. It affects both Android and iOS devices.
How Do You Know If You Have Been Affected?
Pegasus spyware is nearly impossible to detect. As per a report in Financial Times, a phone can be infected with Pegasus just by calling it via WhatsApp. The user doesn’t even have to pick up the call and the phone will still get infected. You can also send it via email and SMS.
Pegasus is a sophisticated spyware which has some anti-forensic and self-destruct features. This makes it difficult to detect. Even if it is uninstalled later, it doesn’t leave any traces and there is no way to tell whether the device was affected.
Your phone does not show any lags or visible signs when it has been infected by Pegasus.
Since WhatsApp has filed a lawsuit against NSO Group, it has also come to light that the Facebook-owned messaging platform has information about the affected users although it hasn’t confirmed exactly how many users have been affected.
Also, WhatsApp has been sending alert messages to the list of affected users asking them to update to the latest version of the app. Till now, the message from WhatsApp is the only visible indicator that tells you whether your phone has been affected.
Also, WhatsApp has been sending alert messages to the list of affected users asking them to update to the latest version of the app. Till now, the message from WhatsApp is the only visible indicator that tells you whether your phone has been affected.
Citizen Lab is also sending alert messages to affected users.
If you want to be absolutely sure whether your phone has been compromised or not, it’s best to consult a cybersecurity expert.
Does it Affect Other Apps?
Pegasus allows the controller to access the phone’s mic and camera, but nowhere does it mention that it can affect other applications.
Yes, the controller can have access to files, images and even read encrypted messages and emails, but there is uncertainty as to whether it allows them to manipulate other applications on the phone.
It also allows access to the location data of the user and one can also read screenshots and typing feedback logs. This way the controller can know what passwords you are using to access different websites and even banking applications.
To add to the above, it also provides access to contact details, browsing history, microphone recordings, and even retrieved files.
What to Do If Your Phone Is Affected by Pegasus?
Many security experts and analysts have said that the only way to get completely rid of Pegasus is to discard the phone that has been affected.
Once you have replaced the device, ensure that all the apps that you install are up-to-date and have the latest software version.
According to Citizen Lab, even a Factory Data Reset of the phone doesn’t get rid of the Pegasus spyware. It lets attackers continue to access your online accounts even after your device is no longer infected.
In order to ensure your online accounts are safe, you should also change the passwords of all the cloud-based applications and services that you were using on the infected device.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)