Sunday, October 17

Spyware Pegasus: how to know if your phone is tapped | Digital Trends Spanish

French ministers joined the long list of politicians, journalists, activists and executives from around the world who have been victims of Pegasus spyware. Although the attacks appear to be directed at specific “interest groups”, in theory anyone can be a victim, so it is worth knowing how to know if your phone is tapped with Pegasus.

You will be interested in:

The first scandal erupted in July 2019, when a journalistic investigation revealed how politicians, diplomats, businessmen, human rights activists, lawyers and journalists, among others, had been monitored with Pegasus software, from the Israeli surveillance company NSO Group.

Pegasus software is sold to governments around the world to track down terrorists and criminals. However, it has also been used to spy on persons of interest, as reflected in a second investigation from July 2021, which identified 1,000 people from 50 countries who were under surveillance through Pegasus.

How Pegasus works

Pegasus is a remote access tool with capabilities of spywareIn other words, it allows remote monitoring of a phone and access to elements such as the camera or microphone, as well as taking screenshots or identifying the record of keystrokes.

According to computer security researchers Paul Haskell-Dowland and Roberto Musotto, Pegasus can infect phones –especially iPhone– through multiple ways, although the most common are:

  • SMS or iMessage– The user receives a message with a link to a website, where the malicious software is hosted. The victim must click on the link to download the
  • Zero click: Vulnerabilities in services such as iMessage on iPhones are exploited, allowing infection simply by receiving a message. No user action is required.

When the spyware downloaded to the device, the attacker can send more software to ensure remote access to the device’s data and functions, in a process that may go unnoticed by the victim.

Although the software can affect both iPhone and Android phones, reports suggest that the main victims have been Apple users who have made a jailbreak of your device.

How do you know if they are monitoring you?

Young Hacker

Let’s agree that it is unlikely that an ordinary person could be the victim of an attack with Pegasus, but as it is always advisable to take safeguards, there are some ways to keep your phone safe.

One way is through Mobile Verification Toolkit (MVT), which Amnesty International released in July 2021. The tool, which can be run on Linux or MacOS, examines the files and device settings for “indicators of compromise”, although it can be a bit complex to use if you don’t have computer knowledge.

The easiest alternative for iPhone phones is the desktop version of the app iMazing, which has included the Amnesty International kit free of charge since mid-2021.

  • Download and install iMazing on your macOS or Windows computer.
  • Run the free trial period, which includes the Pegasus analysis.
  • Connect your iPhone or iPad to the computer and authorize the connection on the mobile device.
  • Press the button Detect Spyware, located on the right side of the screen.
  • Follow the onscreen instructions. You should wait for the app to make a backup of your iPhone or iPad and then analyze it.
  • iMazing will show you the configuration of the spyware. Although you can adjust some details (such as the folder where the backup will be created), the recommendation is to accept the settings that come by default.
  • As a last step, you will have to accept the conditions and start the scan.

When the scan of your device backup is complete, iMazing will display a dialog box containing a brief summary of the scan report and will tell you if your device is compromised.

The iMazing developers also offer a guide so you can interpret the results more precisely.

What to do to be protected?

Although the tool allows you to take actions if your phone has been infected with Pegasus, there are also Basic steps you can take to avoid being the victim of an attack:

  • Only open links from well-known and trusted sources and contacts.
  • Make sure you have the latest security patches installed from your computer manufacturer.
  • Enable fingerprint lock or phone facial recognition.
  • Avoid public and free Wi-Fi, especially if you access sensitive information.
  • Encrypt the data on your device and enable remote wipe functions.

Editor’s Recommendations

var stage = decodeURIComponent(0); var options = JSON.parse(decodeURIComponent('')); var allOptions = {};

if (stage > 0 && window.DTOptions) { allOptions = window.DTOptions.getAll();

Object.keys(options).forEach(function(groupK) { if (options[groupK] && typeof options[groupK] === 'object') { Object.keys(options[groupK]).forEach(function(k) { if (!allOptions[groupK] || typeof allOptions[groupK] !== 'object') { allOptions[groupK] = {}; }

allOptions[groupK][k] = options[groupK][k]; }); } }); } else { allOptions = options; }

var getAll = function () { return allOptions; };

var get = function (key, group, def) { key = key || ''; group = group || decodeURIComponent('qnqb92BhrzmkpqGx'); def = (typeof def !== 'undefined') ? def : null;

if (typeof allOptions[group] !== 'undefined') { if (key && typeof allOptions[group][key] !== 'undefined') { return allOptions[group][key]; } }

return def; };

var set = function (key, group, data) { key = key || ''; group = group || decodeURIComponent('qnqb92BhrzmkpqGx'); data = data || null;

if (key) { if (typeof allOptions[group] === 'undefined') { allOptions[group] = {}; }

allOptions[group][key] = data; } };

var del = function (key, group) { key = key || ''; group = group || decodeURIComponent('qnqb92BhrzmkpqGx');

if (typeof allOptions[group] !== 'undefined') { if (key && typeof allOptions[group][key] !== 'undefined') { allOptions[group][key] = null; } } };

window.DTOptions = { get: get, getAll: getAll, set: set, del: del, }; }());

Leave a Reply

Your email address will not be published. Required fields are marked *