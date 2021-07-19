How Does Pegasus Spyware Work?

Governments around the world are facing explosive allegations that they spied on activists, journalists, corporate leaders, and politicians using Israeli-made malware.

But how does the Pegasus spyware operate? What can it do once it’s on people’s phones, and how does it get there?

Early versions of the hacking software, originally discovered in 2016, are thought to have utilized booby-trapped text messages to install itself on the phones of targets, according to researchers.

To download the spyware, the receiver would have to click on a link in the message.

However, this reduced the chances of a successful installation, especially as phone users have become more skeptical about clicking on questionable links.

More recent versions of Pegasus, produced by the Israeli firm NSO Group, targeted flaws in routinely installed mobile software.

In 2019, WhatsApp sued NSO, alleging that the spyware was installed on 1,400 phones using one of its operating system’s so-called “zero-day vulnerabilities.”

Pegasus could silently download itself onto the target’s phone by just phoning them on WhatsApp – even if they never answered the call.

Pegasus is said to have exploited flaws in Apple’s iMessage software more recently.

That might give it access to the one billion Apple iPhones in use right now — all without the owners having to do anything.

Alan Woodward, a cybersecurity lecturer at the University of Surrey in the United Kingdom, said, “Pegasus is certainly one of the most capable remote access tools there is.”

“Imagine you’ve left your phone in someone else’s hands.”

It can read the target’s texts and emails, browse through their images, listen in on their phone calls, track their whereabouts, and even video them using their camera.

According to Woodward, Pegasus’ creators have gotten “better and better” at masking any traces of the program, making it difficult to determine whether a certain phone has been hacked or not.

As a result, it’s unclear how many people’s phones have been tapped, while new allegations from international media claim that over 50,000 phone numbers have been identified as being of interest to NSO clients.

However, one of the organizations probing Pegasus, Amnesty International’s Security Lab, said it has discovered indications of successful attacks on Apple iPhones as recently as this month.

Multibillion-dollar IT corporations such as Apple and Google spend a significant amount of money each year to ensure that they are not exposed to hackers.