The latest weapon in spyware’s arsenal - exposed!

Published Jul 30, 2021 by Xiph

The problem is in the palm of your hand but the solution could be at your fingertips

It took a small army of journalists from 17 media organisations across 10 countries to clearly define and expose one of spyware’s most virulent strains and the dangers it presents. If the protection of privacy and resisting the big data mining machines and their insatiable hunger for bankable information, no matter how sensitive, is a priority for you or your business, you may want to sit down for this.

The latest weapon in spyware’s arsenal

It sounds ominous, doesn’t it? And it is, especially if you’re in a profession where discretion and the sensitive handling and protection of sensitive information is part and parcel of your role. Think journalist, lawyer, perhaps people in the medical fraternity, human rights activists, politicians, businesspeople, that sort of thing. By the way, that wasn’t a conclusive list. However, the aforementioned cadre of journalists and their organisations have conclusively outlined the capabilities and applied uses of NSO Group’s spyware called Pegasus. 

With great power, comes great opportunity…

Pegasus, spruiked and leased to governments as a vital tool in the tracking and monitoring of bad people doing (or planning to do) really bad things, is also able to keep tabs on good people hoping to achieve really good things too. According to the Washington Post, the investigation undertaken by journalists and media groups revealed that:

Thirty-seven targeted smartphones appeared on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry, the investigation found. The list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted or surveilled.”

So what does it do? Well, Pegasus has the capacity to collect and deliver an unlimited amount of personal and private data – without tipping off the user. Again, if this spyware prevents crimes and slows down criminal activities that’s one thing however, things become problematic when the wrong spyware lands in the wrong hands for the wrong reason. The public perception issue that NGO Group is facing is that allegations suggest that the spyware industry is poorly regulated and as a result, human rights have been jeopardised, compromised or simply, in some cases, swept away.

The question might be, how worried should ordinary citizens and businesses be that spyware is allegedly completely out of control… and how does Pegasus work anyway?

Here’s how Pegasus works (against us)!

Just a quick glance back through our extensive library of blogs will reaffirm that we are always advising people to only open digital communications from sources you trust, use strong passwords, use a VPN etc. These are all valid. The problem is that spyware, and in this case, Pegasus, was designed to slip past all these conventional measures and even defeat more complex defences.

Oftentimes, this spyware is installed on a phone through vulnerabilities in apps that we all know and trust – some that even boast end-to-end encryption. Of course, it will also try to trick you into clicking an innocent looking link that disguises malicious intent, exploiting the user’s trust in SMS, WhatsApp, imessage and more. From there, it’s understood that Pegasus will harvest data from the targeted device and transmit it back to the attacking source, delivering and or activating camera and microphone data, photos and videos, emails, sms, chats – almost everything!

Again, great for aiding in the apprehension of criminals but because of the regulatory gaps, ripe for abuse and exploitation by whoever gains access to the spyware. So, with all this in mind, how do businesses, organisations and individuals who are innocently going about their day-to-day, protect their data against spyware of this nature?

The problem (and thankfully) the solution may be in the palm of your hand

Faced with a piece of spyware that seeks out and takes advantage of vulnerabilities in popular apps as well as traditional online deceit via sketchy links, vigilance is an absolute necessity. However, Pegasus has been shown to be effective at infiltrating upgraded security measures of some top-selling handsets as well.

Sergeui Beloussov from Acronis, a data protection company says, “protecting a single application is not possible, the main vulnerability is your device.” In essence, the first step that people need to think about taking is selecting the right secure handset if data protection is a priority.

Spyware will continue to develop in terms of complexity, reach and capacity to harvest data. To help inform your next steps towards effective data protection, explore some secure options like Arcane handsets right here or contact us direct. We keep an eye on spyware and are here to help.


Posted in: Security