How Pegasus works: Can take over your phone with a missed call
The spyware developed by the now beleaguered Israeli tech company, NSO Group may not be the only intrusive one around in the world, as it is believed that some rival companies and competitors might be working hard to take advantage of the market as NSO comes under pressure from the increasing exposure by journalists and civil society organisations who themselves have been victims of Pegasus attacks as well as multiple law suits.
The Pegasus spyware uses the principle of ‘zero click’ to infect the devices of targets and can use a simple missed call to take over a target’s phone.
Pegasus can thoroughly take over any device by exploiting the security vulnerabilities in a device or app. It is able to take over Android, iPhone or Blackberry. Once it takes over a phone, it turns it into a secret camera and microphone and operate remotely, providing live feeds to the operator, and the owner of the phone would never know.
Pegasus then takes over the target’s emails, messages and GPS coordinates.
According to marketing documents from NSO as published by Israeli news media including Haaretz and Hamakor (Channel 13 TV), the infection of a phone is done by silently pushing an installation to the targeted device, and the method doesn’t require the individual being targeted to do anything.
Another option is to send a contaminated SMS or “crafted message”, usually what NSO says “innocent message that contains a text and a link. The message content and link lure the target to click (only once) and browse to an innocent website. Clicking the link triggers a silent installation in the background.”
NSO also says any website can be used as the installation link. It adds that Pegasus continues to work even after software updates and could also break into encrypted apps like Telegram and WhatsApp.
In a 2020 lawsuit against NSO by a number of CSOs in the freedom of the press, media and expression sectors, including Committee to Protect Journalists, Reporters without Borders, Brief on Access Now, Amnesty International, Internet Freedom Foundation, regarding a 2019 WhatsApp attack, in which some of these groups were targeted, it was stated that Pegasus can infect a phone by simply sending a single missed call to the target.
Court documents on Pegasus trial confirm Ghana has software
Even though there has been consistent denial that Ghana has the Pegasus software, the judgment on the case involving former government officials convicted and jailed for among others the charge of causing financial loss to the state in the matter of buying the Pegasus machine, has stated that NSO Group installed the software in the country.
On page 36 of the 67 page judgment it says: “The next installment was to be US$3 Million after written notice that first commissioning of the equipment had been done among which Ecobank Ghana to receive written confirmation signed by the end user confirming that the hardware equipment had been delivered together with assurance that NSO had performed the deployment, software set-up, installation and configuration services.”
Meanwhile, evidence has emerged indicating that the software has been used on some targets in Ghana.
Download PDF copy of the judgment here.
By Emmanuel K. Dogbevi
Copyright ©2022 by NewsBridge Africa
All rights reserved. This article or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of the publisher except for the use of brief quotations in reviews.