When it comes to IT security one of the most important tools to protect your information, is physical security and under that software that actually allows the vulnerabilities to stabilize is of key importance. Many security curators and innovators have tried a variety of security solutions which could be highly secure and could not be detected under the radar of cyber criminals.
In defense of such criminals spywares or softwares that can be mechanised as surveillance devices for activities and information proves to be most beneficial.
Pegasus a Spyware
It is perhaps the most powerful piece of spyware ever created by a certainly private organization, can not only be a phone tapping machine, but when wormed inside your device, can turn it into a 24 hour surveillance system that records your phone conversation, send or receive messages, or can harvest your private information such as photos, documents etc. Experts say that the applications of this spyware doesn’t stop here, it can also be used to activate and use your microphone, to record your conversations in the room, it can potentially pinpoint your or your device’s location and your activities can be tracked to almost accuracy.
This software is said to have the capacity to infect billions of devices running either on iOS or Android operating systems. The earliest version of Pegasus is known to be found in 2016. It infected phones through spear -phishing text messages or email that trick a target into clicking on a malicious message link.
Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed. These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.
In 2019 WhatsApp revealed that NSO’s software had been used to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. Simply by placing a WhatsApp call to a target device, malicious Pegasus code could be installed on the phone, even if the target never answered the call. More recently NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones. Apple says it is continually updating its software to prevent such attacks.
Technical understanding of Pegasus, and how to find the evidential breadcrumbs it leaves on a phone after a successful infection, has been improved by research conducted by Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab, “Things are becoming a lot more complicated for the targets to notice,” said Guarnieri, who explained that NSO clients had largely abandoned suspicious SMS messages for more subtle zero-click attacks.
Noted to be the world’s most sophisticated commercially- available spyware may be being abused according to an investigation of 17 media organizations in ten countries, Pegasus has been used to target and spy on the phones of human rights activists, investigative journalists, politicians , researchers and academicians.
Why Pegasus is Different
When the Snowden leaks were published, many were shocked to learn of the scale of surveillance that digital technologies had enabled. But this mass spying was at least developed and conducted within state intelligence agencies, who had some legitimacy as agents of espionage. The debate about the right of the state to invade our privacy is no longer about debating the rights of the individual. Instead, it’s about protecting our data from the outside world. This is not an industry where legitimate developers create and sell the same tools used by bad hackers to attack businesses and governments.
Following the leak of the Pegasus spyware, Edward Snowden called for an international ban on spyware. It is likely that criminals will use the code found in this leak to carry out similar attacks. Evidence suggests that Pegasus has been misused and greater accountability and oversight is needed. We must also seek to rekindle important debates around enforceable controls on the creation and sale of corporate spyware. Without this, the threat that Pegasus and future spyware tools pose to privacy will not be limited to the high-profile targets that have so far been revealed but will be a threat to us all.
Conclusion for Data Security
We have only just begun to consider the full implications of Pegasus on democracy and privacy. Without transparency, we do not know what conditions or restrictions may apply to the use of Pegasus. The protection required from such security threats are certainly very tricky. If we follow certain precautions many attacks and the following crime can be prevented and reported in time thus the repercussions can be avoided. Measures like, actively listening to the callers’ statements, observing the safely protocols like not sharing Pins, Passcodes, or any other details that the organization won’t ask over the phone, not falling into the traps of ‘offer’ or ‘lottery’ or safe-looking click-baits, that might have false intentions to dupe you.
For something like this spyware, certain measures like not accepting unknown call that are from non-Indian numbers (Phone numbers that don’t start from +91, or more/less than 10 digit numbers), updating device software’s as often as possible, going through virus cleaning processes often, accessing internet only with trusted internet providers, avoiding important money transactions over open or free wi-fi services, and lastly protecting your device with a strong password are some measures that can avoid hazards.