Israeli bug that secretly takes over your phone
PEGASUS spyware gives hackers a terrifying level of access to a mobile phone without the victim having the faintest idea it has been hacked.
A malicious user can extract data including passwords, contacts, browsing history and social media posts, tell where the phone is, where it has been and whether it is on the move.
The hacker can also see incoming or outgoing calls and, perhaps most chillingly, access the device’s camera and microphone to take pictures or listen in on conversations remotely.
The creators of Pegasus – Israeli cyber intelligence company NSO Group Technologies – have long boasted that the spyware worked like a ‘ghost’, tracking the movements of targets without leaving a trace.
To avoid being spotted through racking up data charges on phone networks, the software transmits files only when the device is using Wifi.
When unable to do this, it collects and stores data in an encrypted software programme – but is designed to never use more than 5 per cent of space on an infected phone.
It can be installed on some Apple and Android devices and is believed to have exploited three security weaknesses in iPhones. One method involves sending a text message that provides a link to a website. If clicked on, malicious software is delivered to the phone.
NSO Group has claimed it keeps strict control over how its powerful software is used. Its staff can shut it down at any time or look at the information being collected.
But insiders told Israeli newspaper Haaretz that oversight was ‘non-existent’. The newspaper also said that if an infected phone entered Israel, Iran, Russia, China or the US, Pegasus wiped its software from the device.