Pegasus is the buzzword. The hack tool for accessing all the data on any iPhone or Android smartphone is news in all the media. How does it work? How can I know if I am infected? We tell you everything below.
Table of Contents
What is Pegasus?
Pegasus is a tool to spy on your smartphone. We could classify it as a «virus» for all of us to understand each other, which does not damage your phone, does not cause anything to be deleted or malfunction, but rather has access to all your data and sends it to whoever installed that virus on your phone. This tool has been created by NSO Group, an Israeli company that sells this tool to spy on people. Yes, it's that simple, it is a well-known company, that everyone knows what it does and that is allowed despite all the commotion that has been mounted around it since its existence was known. Apple has already filed a complaint against this company.
How do I install Pegasus on my phone?
People are always talking about iPhones infected by Pegasus, but the reality is that this tool works for both iPhone and Android. The targets of this tool are usually high-ranking politicians, journalists, activists, dissidents... people who are "interested" in spying to control their movements and know everything they know, and these people, for security reasons, usually use iPhones, more secure than Android, but as secure as it is, it's not invulnerable.
For Pegasus to be installed on your iPhone you don't even need to do anything. The NSO company has designed a tool so advanced that it can enter your phone without you clicking on any links or downloading any applications. A simple WhatsApp call or a message sent on your phone, without you opening it, can give access to this spyware. To do this, take advantage of the so-called “zero day vulnerabilities”, security flaws that the phone manufacturer is not aware of and therefore cannot fix, because it does not even know they exist. Once installed, everything, I repeat, everything on your iPhone is in the hands of whoever uses that tool.
Apple already released an update months ago that fixed several of those security flaws, but Pegasus finds others and takes advantage of them. Today we don't know what bugs it uses, nor what phones or OS versions are vulnerable to its spy tool. We know that Apple fixes them as soon as it discovers them, but we also know that there will always be bugs that will be found and exploited. It is the eternal game of cat and mouse.
Who can use Pegasus?
The NSO group claims that its tool is only used by government agencies, as if this were any consolation. But as Tim Cook said when discussing forcing companies to create a "back door" that would give access to phones when needed, "a back door for the good guys is also a back door for the bad guys." ». The only consolation that we normal citizens have is that Pegasus is not accessible to anyone for purely economic reasons. Using this tool for one person has a price of about 96.000 euros, so I don't think your co-worker or brother-in-law is going to use it to spy on your phone.
But it is worrying for everyone to know that there is a tool that can spy on us 24 hours a day, 365 days of the year using our smartphone, aware of everything we do, see, read, listen and write. Who can guarantee that Pegasus cannot fall into the hands of others who sell it cheaper? Or even make it available to everyone for free? And what I told you about at the beginning of the article, the most worrying thing is knowing that the company that Pegasus has created can act with impunity with a tool that breaks all possible laws.
How can I know if I am infected?
If you want to know if someone has installed Pegasus on your phone, there are tools to detect it and they are free. On the one hand we have the open source software developed by Amnesty International and that you can download from GitHub (link). However, it is not a software that everyone can use due to its complexity, so there are other simpler and more accessible alternatives for those who do not have advanced computer skills. For example the iMazing tool (link), free to download, also allows you to know if you have been infected by Pegasus. It is compatible with Windows and macOS and although some of its features are paid, Pegasus detection is free.
How can I avoid getting infected with Pegasus?
As it is, if someone wants to install Pegasus on your phone, there's no way around it entirely. But you can take precautions to reduce the risk to the minimum possible. We know that there have been bugs that have allowed Pegasus to install without the user doing anything, but we also know that Apple is continually releasing patches to fix those bugs, so The best thing is that you always keep your iPhone updated to the latest version available. It is also important that you do not click on links whose origin is unknown to you, or open messages from unknown or suspicious senders.
Regarding the installation of applications, on iOS you can't install apps from outside the App Store. This is something that is currently under discussion by many organizations such as the European Commission, but it is a security measure that protects us from external attacks. If at any time Apple is forced to open its system and allow "sideloading" or the installation of apps from outside its store, the risks will increase exponentially.