What is Pegasus spyware and what does it mean for me?

There are over 3.8 billion smartphones in the world. These devices often contain highly personal information, from private conversations with family and friends to our habits and specific location.

Last week, seventeen international media organisations published a joint investigation that revealed how a powerful hacking software called Pegasus is being used by governments to unlawfully target individuals. This software has the capability gain full access to your smartphone and extract information from it without a trace.

In this article we’ll explain what Pegasus is, what exactly the data leak exposed and how this all impacts you.

What does Pegasus spyware do?

Pegasus is a malware that infects iPhones and android devices and allows the operators of the tool to remotely control your phone. It's classified as a digital weapon. Once operators have access to your phone, they can view your address book, photos and messages. They can also listen to all of your conversations. Encrypted platforms such as Signal, Whatsapp, and Telegram aren’t effective against it.

A privately owned company called NSO Group owns Pegasus. On its website, it describes Pegasus as ‘cyber intelligence for global security and stability’. NSO say that they only sell the software to ‘licensed government intelligence and law-enforcement agencies’ to help them prevent terrorism and serious crime.

What’s the issue with Pegasus?

Well, in July this year there was a data leak of 50,000 phone numbers from around the world. These numbers belonged to people that had been selected by NSO customers (i.e. governments) as targets in advance of a possible hack.

At least 10 different government clients were revealed including:

• Saudi Arabia
• UAE
• Hungary
• Mexico
• India
• Rwanda

The problem is that these targeted numbers didn’t belong to possible terrorists or criminals. Instead, they belonged to human rights lawyers, journalists and investigative reporters holding governments to account, as well as business executives, religious figures, NGO employees, union officials, and government officials. Presidents and prime ministers were not excluded from the list of targets. Notably, the leaked phone numbers included that of Emmanuel Macron’s, the French President.

Can the Pegasus hacking software be detected?

Pegasus is designed to be virtually undetectable. The software leaves limited traces and can delete itself once it detects the device is being investigated, so it can be impossible to tell whether or not you’ve been targeted. However, the risk of being targeted by Pegasus is almost exclusively shouldered by people in the types of professions that we’ve mentioned.

What are the implications for me?

Although you may not have to worry too much about being attacked by Pegasus, since they're not mass attacks but instead targeted at a limited number of people, other types of attacks on our privacy are increasing.

There are some things that you can do to minimise your risk of being targeted by any software that is a security threat, such as:

• Updating your system or app whenever possible
• Never clicking on suspicious links
• Using strong passwords
• Installing antivirus software

Final thoughts

For many of us, our personal and professional lives increasingly rely on smartphones to function and thrive. Unfortunately, the Pegasus data leak has revealed that the technology to access and fully control these crucial devices not only exists but is vulnerable to abuse. For now, this is being used against a limited number of people. But, as always, we'll keep you updated.