PEGASUS: the spy software that worries the highest echelons of society

Cybersecurity and Encryption


Telecoms & High-tech

In the last few days new news have been appearing related to the theft of information from high political and social personalities through the use of a new spyware known as Pegasus.



Originally, this software was created by the Israeli company NSO Group with the aim of facilitating governments in the investigation and fight against terrorism and organized crime, thus helping in the prevention of possible attacks on society. However, the results of recent investigations have shown that this software has also been used for other more questionable purposes, such as espionage or the theft of confidential or classified information.



Although the operation ofPegasus spyware is similar to that of other well-known applications of this type, its novelty lies in the model of propagation and installation on the victim’s device. In particular, this spyware exploits previously unknown vulnerabilities(0-day vulnerabilities) in the target phone’s own operating system or even in other applications installed on it, such as the popular WhatsApp or Apple’s iMessage. In addition, it is suspected that, in many cases, Pegasus exploits vulnerabilities that do not require user interaction( 0-clickvulnerabilities ), making it even more difficult to detect and prevent hacking.

Once installed, this spyware has access to all the information stored on the affected phone, such as documents, photos, messages, audios, contact list, geolocation and even access to the camera and microphone. Pegasus is also capable of collecting and extracting such data, forwarding it to the remote server of the “client” (or cyberattacker) and thus violating the victim’s right to privacy.



However, while there is no optimal solution that will prevent Pegasus from being installed on the target phone, there are a number of guidelines that can help reduce the chances of hacking:

  • Do not click on strange links or links from unknown sources.
  • Keeping the phone’s operating system and applications up to date
  • Restarting the phone every day
  • Turn off the phone if any suspicious behavior is detected on the device.
  • Also, and from time to time, you can check if your phone has been infected by Pegasus using the open source application
    Mobile Verification Toolkit
  • In cases where the leak may be serious, it is best to call in a professional service of cybersecurity specialists.

In conclusion, it should be noted that threats of this type only confirm the great importance of cybersecurity today, especially in areas of great relevance and impact for society.

Alfredo Díez Fernández, director of the Cybersecurity area in Grupo Oesía.