There is a thin line between malware and questionable programs, but NSO’s spyware Pegasus has crossed it so far that it is no longer visible.
We often hear about widespread malware strains being discovered in third-party app shops, and sometimes they make it past the gates and are discovered to originate from legitimate sources. What distinguishes Pegasus from the competition is that it is possibly the most sophisticated malware ever discovered in the wild. The explanation is straightforward: it infects cellphones through zero-day vulnerabilities in popular apps like WhatsApp, iMessage, and FaceTime.
The NSO Group has been in business for half a decade, specializing in the sale of government-grade spyware to a limited group of clients, including governments and law enforcement organizations. They have long maintained that law enforcement organizations and other government entities utilize their software for lawful purposes. However, supporting proof is difficult to come by since such agencies will not acknowledge purchasing or deploying spyware.
As it turns out, anyone may safeguard their iOS and Android devices against Pegasus by taking a single more step.
Consider a world devoid of privacy
Spyware is a virus that allows third parties to access private information such as pictures, files, messages, and call records through ostensibly secure applications. Pegasus is targeting some of the most secure communication services available: WhatsApp, Facebook, Twitter, Skype, and Gmail.
Additionally, operators using this malware would be able to capture screenshots, exfiltrate pictures, and get direct access to the phone’s camera and microphone. Because our cellphones are always on, attackers would have a window into a target’s life 24 hours a day.
Compromise of a device starts with the exploitation of software to bypass built-in security measures. Once a device is “rooted” or “jailbroken,” an application may have unfettered access to stored data and other operating applications. However, even once the government-sponsored data gathering program is complete, the hacked mobile phone remains vulnerable to all kinds of assaults.
Fortunately, individuals who utilize security solutions and take the necessary measures to safeguard their digital life still have hope.
No one is safe from attack, but everyone can be protected
It is feasible to safeguard our digital lives by implementing some common-sense steps that significantly reduce the likelihood of a Pegasus assault succeeding:
- Install programs only from reputable sources. Avoid installing applications that are provided as links through chat systems since they may contain malicious code.
- Always update your operating system and apply security fixes as soon as they become available. If you’re traveling outside the country for vacation or work, ensure your device is completely patched before you depart. The majority of mobile phones do not support downloading large updates via 4G, especially while traveling on a foreign network.
- Establish a pin-or pattern-based lock screen to protect your device from unwanted physical access.
- Check whether applications have device administrator rights on your smartphone regularly and revise your security settings as necessary.
It’s natural to believe that once we check all of these boxes, we’re done. However, attackers have been found to exploit zero-day vulnerabilities, compromising completely patched and up-to-date systems.
Additionally, this is why you need a security system capable of automating security choices. Thor Mobile Security for mobile devices has continuously enhanced detection over the years to stay up to date with this evolving spyware architecture.
While mobile platforms may seem to provide more security, Pegasus serves as a harsh reminder that as long as your device is connected to the internet, it will never be completely secure. Security solutions are more necessary than ever.