Hello Pegasus. We should have been expecting you. After all 2021 hasn’t been the greatest of years has it?
This year we’ve been bombarded with news about the tech sector dropping the ball repeatedly, hackers doing what hackers do and most recently in South Africa we’ve seen wide-spread looting and what has been reported as an attempted insurrection.
So Pegasus should be right at home in the news cycle. Let’s just hope it doesn’t get any worse.
In case you’re in the dark as to what Pegasus is, it’s a piece of spyware that’s capable of swanning past your smartphone’s security measures and gaining complete access to pretty much everything on it. Your contacts, your emails, your location, your pictures, your camera, your recording software, your chat apps (whether they’re end-to-end encrypted or not) – the whole kit-and-caboodle.
Sounds like a science fiction nightmare, doesn’t it? Well, unfortunately it’s not the stuff of sci-fi, it’s real.
According to a report on The Guardian, Pegasus – developed by Israeli surveillance firm NSO – first appeared in its infancy back in 2016, and the way it managed to infiltrate smartphones then was through spear-phishing. You know, the practice of sending malicious links to users through email, SMS or any other app they use to communicate. Once clicked, they installed Pegasus on the device.
Apparently, however, NSO has upped its game in the years since, and now Pegasus can infect a device through what’s called a “zero-click” attack, which doesn’t require any input from the device’s owner. The way it manages this is through zero-day exploits, flaws in the security measures of smart devices the manufacturers may not be aware of and haven’t had the time (or even the knowledge) to patch. To wit, you don’t have to pick up your phone or click on a link for Pegasus to gain access to your data. Oh, and it can infect Android and iOS devices.
Why create something like this?
According to NSO, Pegasus was created in order to aid military, law enforcement and intelligence agencies against criminal and terrorist activities and it’s only made available to the authorities in countries with good human rights records – which NSO says have to go through a vetting process.
While this is all sounds great, recent reports suggest that the spyware has already been used to target journalists, activists and political figures. Hardly the sort of people one would lump in with the likes of Al Qaeda or any organised crime outfit. The Guardian promises more revelations as the week goes on, but for now, it’s put a report by Amnesty International front and centre, which says it’s discovered traces of successful attacks by Pegasus customers on iPhones running up-to-date versions of Apple’s iOS. The attacks were carried out as recently as July 2021.
NSO for its part has denied any wrongdoing and stated that a report by French NGO Forbidden Stories in conjunction with Amnesty International was “full of wrong assumptions and uncorroborated theories”. It also says it will “continue to investigate all credible claims of misuse and take appropriate action”.
It’s a bit late for that. Thanks to reporting in myriad publications – Le Monde, The Washington Post, the BBC, The Guardian and The Verge among them – news of Pegasus and the power it gives authorities is likely to be a rather large issue for months to come.
The genie is out of the bottle
And with good reason. Given the fact that there are billions of folks across the world who treat their smartphones as almost an extension of their body, Pegasus is probably the most invasive piece of spyware that has ever been invented.
This is a program that can allow intruders to read your WhatsApp conversations. It can harvest your emails and contacts. Hell, it can turn your phone into a listening device and record you chatting with your family at the dinner table and you’d be none the wiser.
And NSO’s assertion that this software is only made available to authorities in countries with good human rights track records doesn’t even register as cold comfort.
Forget nations like the UAE, Hungary and Saudi Arabia who routinely bulldoze through human rights as a matter of course, only recently the UK Home Secretary recently claimed that WhatsApp’s end-to-end encryption is “unacceptable”, and was demanding a back door to it. Well, thanks to Pegasus, now she doesn’t need one. She might not even need one to look at your banking or financial history depending on what apps you have installed on your phone.
The United States of America has a pretty good human rights track record (comparatively speaking) and the world learned to its horror back in 2012 that its National Security Agency was using a program called Prism to hoover up private electronic data from users of internet services like Gmail, Facebook, Outlook, and others
This is all worrying enough, but topping out the paranoia levels is the fact that Pegasus exists. Now that the world knows that this level of intrusion is possible, what’s to stop another variant coming to the market? And then another?
This genie is now out of the bottle and it’s not going back in.
And if history has taught us tech users anything it’s that it’s not a question of whether this technology will be abused or whether it’ll make it out into the wild. It’s a question of when. It’s not beyond the realm of possibility that one day readers could be waking up to headlines revealing Pegasus’s source code is for sale on the Dark Web – as was the case with the NSA’s tool set.
So what can we do? Hope and pray, frankly. Apple, Google, Samsung… all the firms behind our smartphone software and hardware now need to step up. Unless they’re complicit in this, they have to move swiftly.
Mind you, you could always get rid of your smartphone. But you probably aren’t going to do that…