Pegasus: Are We Threatened and How to Protect Ourselves?

In its announcement, the coalition noted that the owners of these numbers may be exposed to, or have already been, at risk of this program, which allows spying on devices and monitoring their owners through the camera, listening to phone conversations, and viewing the contents of the device as a whole.


The first versions of the Pegasus spyware appeared in 2016, and at the time, the target party had to somehow allow the software to access its device, possibly in the form of clicking on a specific link, downloading a file, or answering a connection. However, the NSO group based on the program found that its chance of competing in this market is weak if it does not develop a more effective means of hacking, represented by a means known as “zero-clicks”, that is, without the need for the consent of the target party.


NSO was founded in 2010 on Israeli occupation territory, and its name grew in the market for electronic espionage products until it had more than 700 employees, and its profits in 2018 amounted to 250 million dollars. According to the company, it sells Pegasus’ cyber espionage software exclusively to government agencies to “fight crime and terrorism.”


Although NSO is one of the most famous companies in the cyber espionage economy, it is not the only one, Black Cube, AnyVision, and many others, but the common factor between them is that they are in a country like Israel, have no problem spying on others, let alone committing other crimes.


The Citizen Lab estimates that the cost of electronic espionage systems, based on the variety of hacking methods, starts from hundreds of thousands of dollars and could reach $1 million.


Names in the Pegasus project files and may be vulnerable to or have already been espionage using Pegasus include: French President Emmanuel Macron, Genghis, journalist Jamal Khashoggi’s fiancée, Princess Latifa fleeing the UAE authorities, as well as King Mohammed VI of Morocco.

But what’s new

This is not the first time a hack carried out using Pegasus has been revealed, as The Citizen Lab first revealed the use of this software to spy on Emirati human rights activist Ahmed Mansour in 2016. The same project, in 2018, also revealed that Saudi authorities targeted dissident Omar Abdulaziz, who is in Canada.


According to Rami Rauf, a researcher in the fields of technology, privacy and digital security, what is new in the Pegasus project is an investigation that covers most of the uses of the program at the state and context levels, and provides a clearer picture of “of the puzzles, not just a small piece of it, helping us realize employment, technologies and the political pattern of its more comprehensive and more accurate use.”

“Begasus is a direct targeting program and not a comprehensive surveillance tool or mass surveillance retroactively or directly.”

For her part, Sarah Aoun, a trainer in the field of digital security, believes that the new leaks revealed for the first time that government and political figures at the highest levels and on a large scale have been targeted, showing how dangerous this tool is in the hands of governments. Rauf also points out that the presence of such names on the target list (Macron, for example) may mean that the software is used by intelligence services to target other intelligence services, not as is commonly believed to be used to target activists and opponents only.


Pegasus can hack devices in two ways, either by tricking the user and pushing them to agree to activate it through social engineering, i.e. circumventing them by falsifying the identity of the person they are communicating with or providing them with attractive content (such as sending a fake link in the form of news that interests them personally), or by loopholes in programs on


When hacked into the device, Pegasus can collect and retransmit various information to the person who paid for this service, from SMS messages, to emails, WhatsApp conversations, photos and videos, geolocation information, number history, calendar, activate microphone and listen to what it records, activate the camera and watch what it shows, and record calls.


In turn, Raouf explains how Pegasus exploits gaps in some devices and applications, as it is enough just to call the victim number for a few seconds to activate the program, for example, and therefore, regardless of the amount of response with the link/ message, villains can attack and injure without the need for phishing links. But Rauf stresses that “this attack depends on very specific vulnerabilities in certain phones and applications, and most of its operators make periodic security updates to reduce the frequency of breaches.”


Aoun cited examples of apps and devices that contained vulnerabilities exploited in Pegasus hacks: “Android and iPhone devices, in addition to i-message software.” But she stresses that ordinary citizens should not be terrified, because this program in its current situation is very expensive and is not used to target large numbers of people, given that the technology used in it is scarce and developed by individual internal efforts, and is not available within the developer community around the world.


Rauf confirms this by saying that “the media approach dealt with the subject in an inclusive manner; that ‘everyone’ is hacked and monitored, and this is not accurate in this case, because Pegasus is a direct targeting program and not a comprehensive surveillance tool or mass surveillance retroactively or directly.”


But Aoun points out that this situation may be temporary, and we should not forget that our activity on our various devices is monitored and recorded by several companies such as Google and Facebook, “our habits, the places we frequent, and our network of knowledge are all information on our phones. There is an article published in the New York Times showing that this information is easy to know through our devices, with some effort and the use of expertise and money by governments.”

How do we know we’ve been hacked, and how do we protect ourselves?

According to Raouf, “there are no ordinary ways for a non-specialist user to know or discriminate if he is infected or tried to be infected with Pegasus specifically or the rest of the programs of the same category. Phones are usually scanned in technical laboratories for analysis for injury indicators.”


In case of doubt, Aoun says the user can go for one of the following options: “either contact The Citizen Lab or Amnesty International’s technology department to examine their devices, if the person is a journalist, activist or a government employee,” and the second option is to “conduct the scan himself with Amnesty International’s MVT tool to analyze the exposure of devices and applications

Phones are usually scanned in technical laboratories for analysis for indicators of Pegasus infection, and a non-specialist user cannot know or distinguish if infected.

Some of us might think that traditional tips such as periodically updating hardware and application systems do not help fend off Pegasus software attacks, but in the opinion of many experts they are still effective.


Aoun summarizes her tips for users to “abstain from random downloading apps without ensuring their safety, checking links before clicking on them, beware of social engineering practices, using VPNs on all devices, changing passwords for our different accounts periodically, using two-steps verification, as well as factory reset every now and then.”


Pegasus espionage software is not the only one available on the market, but the above tips are sufficient for the user and the average citizen to limit the ability to penetrate devices or applications, as information on these spyware is available to date in general.


International figures such as Edward Snowden have called for an immediate halt to the trade and sale of surveillance and hacking systems, as they threaten individual freedoms and to the security and safety of many countries around the world.


“Our efforts should focus on combating this kind of censorship, preventing trafficking in hacking systems, and pressuring governments to find legislation governing the work of the private espionage technology sector,” Aoun says.


“Project Pegasus itself is proof that privacy is possible and real, and software that provides security and safety is steadfast and robust, prompting all these villains to spend millions voyeurizing people’s lives,” Rauf stresses. He adds that the Pegasus project “highlighted the need for software developers and technology companies to adopt protection protocols that take into account the most vulnerable users [such as journalists and activists], and the need for information safety charters and considerations that go beyond traditional commercial safety, and take into account political, economic and human rights considerations more broadly.”

Related Articles

One Comment

Leave a Reply

Your email address will not be published.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker