Imagine I could come into your home.
Imagine I could record anything you had to say and take any of your pictures and give them to whomever I chose. Imagine I could read your emails, your SMS’s, your conversations on WhatsApp, or Telegram, or Signal, or any other applications you were using under the proviso that they were encrypted.
Imagine I had access to your smartphone and you would be none the wiser. Imagine I could take anything you were doing on your smartphone and bend it to my will.
That’s what one can do with Pegasus and the company that made it is asking you to trust that it’s in the right hands. That’s a stretch. At best.
Let’s have a look at Pegasus
Pegasus is spyware software developed by Israeli surveillance firm NSO that may or may not already be on your phone. There’s no way of knowing if it is, unless you’re aware of how intrusive spyware has become in the last decade.
Ask yourself this: do you have an anti-virus countermeasure on your phone? Are you using a VPN? Have you clicked on a link sent from an email address you didn’t immediately recognise?
Whether the answer to any of the above is either yes or no, you might have been infected by Pegasus, which can gift the party (or parties) that uses it complete access to your smart device.
In its infancy back in 2016, this software relied on spear-phishing to infect devices. In the years since it can come in through the backdoor of zero-day vulnerabilities – holes in security measures that the manufacturers may not have been aware of.
In other words, one doesn’t have to have clicked on a link, visited a site or even answered a call to have Pegasus running on their device.
Why create Pegasus?
The idea for Pegasus came from a bloke who simply wanted to find out whether a glitch on their smartphone could not be fixed remotely. It dovetailed from there into a piece of software that NSO sells to governments, which it says are vetted on their human rights track records.
Given the fact that even those countries that are considered bastions to human rights have spotty records when it comes to mass surveillance – the USA and the UK, for example – only a child would trust the notion that the governments of these countries wouldn’t eventually abuse this sort of technology.
Imagine a political party in one of those countries. Now imagine that a forthcoming election may run down to the wire. Do you really think that if a ruling party had access to spyware as intrusive as Pegasus, it wouldn’t use it to win that election?
If you do, you’re living in world far more innocent than the rest of us.
Checks and balances
NSO says this technology is only sold to governments with good human rights track records. One need only peruse the current news cycle to find examples of how this technology has allegedly been abused. How “governments with good human rights track records” are allegedly behaving.
NSO also goes on to say that its software is only used to target terrorists or criminal suspects.
Well how would NSO know? Once this technology is in the hands of its clients, does it have any way of knowing if it’s being used for the purpose, it purports it was created for? Apparently not. NSO has always maintained that it “does not operate the systems that it sells to vetted government customers and does not have access to the data of its customers’ targets”.
This is a hell of a lot of power to give out without any checks and balances.
And that’s the problem. NSO is a private firm selling spyware the US’s National Security Agency (NSA) could have only dreamed of in the days of Prism. In a way it could make many people pine for the halcyon days before Edward Snowden met with a bunch of journalists in Hong Kong.
Pegasus, given its capabilities and given the grade school level of PR NSO thinks it needs to adhere to should scare the living hell out of all of us. The fact that it doesn’t probably points to how much of an appendage our smartphones are and how little we respect that contract.
In the meantime, consumers should turn to the manufacturers of the devices they use for help. There’s no point in turning to the authorities – even if they have this technology, it’s doubtful whether they’d be transparent about its usage or even admit they have it at all.
The biggest problem that smartphone owners have is the fact that NSO has been operating for years and it is likely they will never be held to account because the people that are meant to do that are its customers.