Pegasus spyware : How does it work? Researchers believe early versions of hacking software used booby-trapped text messages.

PARIS : Governments around the world are facing bombshell allegations that they used Israeli-made malware to spy on the phones of activists, journalists, corporate executives and politicians.

But how exactly does the Pegasus software work? How does it get into people's phones - and what can it do once it's there?

Researchers believe that early versions of the hacking software, first detected in 2016, used booby-trapped text messages to install itself onto the phones of the targets.

The recipient would have to click on a link in the message in order for the spyware to download.

But this limited the chances of a successful installation - particularly as phone users have grown increasingly wary of clicking on suspicious links.

MORE RECENT versions of Pegasus, developed by the Israeli firm the NSO Group, have exploited weak spots in software commonly installed on mobiles.

In 2019 the messaging service WhatsApp sued NSO, saying it used one of these so-called ''zero-day vulnerabilities'' in its operating system to install the spyware on some 1,400 phones.

By simply calling the targets through WhatsApp, Pegasus could secretly download itself onto their phone - even if they never answered the call.

More recently, Pegasus is reported to have exploited weaknesses in Apple's iMessage software.

That would potentially give it access to the one billion Apple iPhones currently in use - all without the owners needing to even click a button.

''Pegasus is probably one of the most capable remote access tools there is,'' said Alan Woodward, a cybersecurity professor at the University of Surrey in the UK.

''Think of it as if you've put your phone in someone else's hands.''

It can be used to read the target's messages and emails, look through the photos they've taken, eavesdrop on their calls, track their location and even film them through the camera.

Pegasus developers have got ''better and better at hiding'' all traces of the software, making it difficult to confirm whether a particular phone has been bugged or not, Woodward said.

That is why it remains unclear how many people have their devices tapped, although new reports by international media say more than 50,000 phone numbers had been identified as being of interest to NSO clients.

However, Amnesty International's Security Lab, one of the organisations investigating Pegasus, said it had found traces of successful attacks on Apple iPhone as recently as this month.

Multi-billion dollar tech companies like Apple and Google invest vast amounts of cash each year in making sure they aren't vulnerable to hackers who could bring their systems crashing down. [AFP]


Post a Comment

Grace A Comment!