Scottish Daily Mail

Pegasus, the Trojan horse stalking your phone secrets

- Analysis by Tom Leonard

Pegasus spyware is named after the flying horse of Greek legend – and its abilities have a similarly mythic status.

The highly sophisticated software gives a hacker a terrifying level of remote access to someone else’s mobile phone, without the victim having the faintest idea their device has been hacked.

A malicious user can extract data including passwords, contacts, browsing history and social media posts, tell where the phone is, where it’s been and whether it is on the move.

The hacker can also see incoming or outgoing calls and, perhaps most chillingly, access the device’s camera and microphone to take pictures or listen in on conversations remotely.

This means Sheikh Mohammed Al Maktoum, the absolute ruler of Dubai, could determine the movements and activities of his ex-wife and five associates, including a British peer – without any of them knowing.

The creators of Pegasus – secretive Israeli ‘cyber intelligence’ company NSO Group Technologies – have long boasted that the spyware worked like a ‘ghost’, tracking the movements of targets without leaving a trace. To avoid being spotted after racking up high data charges on phone networks, it transmits files only when the device is using wifi.

When unable to do this, it collects and stores data in an encrypted software programme – but is designed to never use more than 5 per cent of space on an infected phone.

It can be installed on some Apple and Android devices and is believed to have exploited three security weaknesses in iPhones particularly.

One method involves sending a text message that provides a link to a website. If clicked on, malicious software is delivered to the phone. Pegasus can also infect a device with a ‘zero-click’ attack which, by exploiting vulnerabilities in an iPhone’s iMessage service and other apps, allows a hacker to break in simply by sending a message.

He can also call a target via WhatsApp – in both cases the recipient doesn’t even need to respond for the spyware to be transmitted.

NSO Group has claimed it keeps strict control over how its powerful software is used. Its staff can shut it down at any time or look at the information being collected.

But insiders told the Israeli newspaper Haaretz that such oversight is ‘non-existent’. The newspaper also said that if an infected phone enters Israel, Iran, Russia, China or the US, Pegasus automatically wipes its software from the device.

NSO Group has insisted Pegasus is intended only for snooping on terrorists and serious criminals and that all of its clients are ‘vetted governments’.

However, critics have pointed out that the company doesn’t distinguish between democracies and dictatorships, and is particularly keen to sell to Gulf states as they are prepared to pay far more for the software.

This year it emerged that Cherie Blair’s law firm, Omnia Strategy, acts as an ethical adviser to NSO Group. She issued a statement saying she was ‘encouraged by [NSO Group’s] recent progress on human rights matters’.

‘Infected without a single click’

Ethical advice: Cherie Blair
