Disassemble phones and figure out whether Pegasus was there.
We first need to confirm who’s been targeted.
© Getty Is Pegasus, as a piece of software, legal? It’s a very novel and impressive technical feat. Pegasus effectively jailbreaks your phone, it unlocks all this kind of administrative functionality that it then uses to position itself and hide itself and have access to everything that’s going on in your phone. But with Pegasus you didn’t even know the door was there. If you decline that offer then you don’t open that door.
If you’re a tech-savvy mobile phone user, alarm bells start ringing if you get a message that asks you to give a piece of software access to your address book or your email. So Pegasus has a number of ways of getting access, and in some cases it’s as simple as a message? And that’s exactly what goes on with software. If the burglar is going to recce the whole house, they will find it eventually, no matter how large your house. It’s like locking up all the doors and windows, but leaving the kitchen window open overnight. They present openings or opportunities for people to use to gain access.
It is a fact that all very large pieces of software, like an operating system like Apple’s iOS or Android or any other, including open source operating systems, have bugs.
By the time it is discovered, they have zero time to patch it because they’re only ever discovered when someone’s used it to do bad things.Ī phone displaying the NSO Group website © Getty We call these ‘zero-day vulnerabilities’ because they haven’t yet been discovered by the vendor or by researchers. It exploits flaws in the operating system of that device. All that needs to happen is for somebody to send a message to your device. What’s remarkable about Pegasus is that it can get on your system without you clicking a thing.
Then when you click on the link, you download a piece of software onto your device and it’ll do its work from there. In the past, you might have been contacted via email, or some kind of social media messaging service, and asked to click on a link. It’s hard to know whether it’s the most powerful ever developed, because what else is out there? But I think it clearly has some functions that are a little more devious than we’re used to seeing. Pegasus has been described as the most powerful spyware ever, is that accurate?
We asked Dr Tim Stevens, the head of the Cyber Security Research Group at King’s College London, to explain how Pegasus works and whether it can be stopped. The victims include the French president Emmanuel Macron and some 180 journalists from around the world.