Pegasus Spyware Explained


A deep dive into the spyware technology that is helping governments track your every move

In 2020, Amnesty International and the Paris-based non-profit Forbidden Stories found a significant data leak consisting of a list of 50,000 phone numbers of politicians, journalists, business professionals and activists from various countries across the globe. The information was then passed along to a global consortium of 17 media organizations, coming together under the umbrella name “The Pegasus Project.”

These phone numbers were from over 45 different countries across the globe. The data leak also contained details of the time and date when the numbers were selected or entered onto a system. The consortium sifted through this data to identity who the numbers belonged to and why were they on the list. Based on their findings, Amnesty International then conducted a forensic examination on the devices which held the leaked phone numbers. This revealed that at least 10 countries including Hungary, India, United Arab Emirates and Mexico had been accessing the numbers. The forensic examination identified that the leaked numbers had been infected with Pegasus spyware developed by the Israeli cyber arms firm NSO Group.

Before getting alarmed that your privacy might be at stake, take a look at what the spyware is, how it works and how it can be detected.

What is Pegasus spyware?

Pegasus is a spyware that can be covertly installed on a user’s devices to read their text messages, track their location and collect their passwords among a host of other forms of surveillance.

NSO firm, the company behind the spyware, markets it as a tool to track criminals and terrorists. They claim that the spyware tool is meant for targeted spying, not mass surveillance. The firm charges government agencies a flat fee of US$500,000 for installing the tool.

NSO’s charges can vary depending on the number of devices the government agency wishes to spy on. It also charges an annual maintenance fee which is 17% of the initial costs incurred by the governments.

How does the spyware work?

Earlier versions of Pegasus had to be installed on smartphones through spearfishing techniques.  With this method, the user would be tricked into clicking a link or opening a document that secretly installs the spyware on their device.

Another way in which it used to attack devices was by using portable transceivers. These portable transceivers are devices that emulate legitimate cell towers and force smartphones within the area to connect to them.

In 2019, the spyware’s technology evolved further. Pegasus can now be installed on a user’s device with a missed call on WhatsApp. It can also delete this missed call notification from the user’s records, keeping them oblivious to its presence.

The latest version of the spyware uses zero-click hacks. Pegasus can now take advantage of the vulnerabilities of commonly used messaging applications like WhatsApp or iMessage to attack your device without making any form of contact with it. These applications receive and sort data from various sources regularly, which makes the applications an alluring target for hackers. A lack of direct contact with the device makes it impossible to know how and when the spyware entered the device.

How can you detect Pegasus?

Researchers at Amnesty International have developed a Mobile Verification Toolkit (MVT) to check whether your device has been infiltrated. The MVT works on both android and IOS devices but requires command-line knowledge to install. Unlike a standard app, you cannot just click on an icon to install it. The MVT needs to be compiled for a specific device that can only be achieved on Linux or Mac operating systems.

The MVT saves a copy of your phone’s data onto your computer and then checks whether any of it is infected with Pegasus. It specifically checks transfer data logs where the use of the spyware is easiest to trace. To put it simply, it checks whether any of your call logs or messages have been transferred to a third-party device.

What does this mean for the future?

Pegasus spyware and the analysis of its leaked data have sparked concerns over government surveillance. Government surveillance as a phenomenon predates spyware, with documented examples such as the Gestapo (Secret State Police) surveying the people of Nazi Germany.

What is concerning about Pegasus is the scale at which surveillance can now take place. The phone numbers of over 180 journalists from media organizations like Al Jazeera, The New York Times and CNN have been found in the data leaks.

What makes this even more concerning is that one of the names on the list was the Mexican freelance journalist Cecilio Pineda Birto. Birto was an experienced journalist, he covered crime social issues and corruptions through posts on his Facebook page Cecilio Pineda, Las Noticias al Instante (Cecilio Pineda: The Instant News). The consortium’s analysis shows that Birto’s number had been of interest to one of NCO’s Mexican clients in the weeks leading up to his murder.

NSO entirely denies all of the consortium’s claims, including its involvement with Birto. The firm says that it rigorously checks its customer’s human rights records before selling them the spyware. It has also come out with a transparency report with excerpts from its contracts specifying that customers must only use surveillance technology for criminal and national security investigations.

Nevertheless, the Israeli government has taken the matter into their own hands. They have set up an inquiry to check whether policy changes are required in surveillance tech exports. Their speedy response shows a glimmer of hope that the consortium’s analysis will prevent misuse of surveillance technology in the future.

Header image courtesy of Amnesty International


Share on facebook
Share on twitter
Share on linkedin
Share on email



What Is “Shrinkflation” and Why Opting For It Isn’t Companies’ Only Choice

You might have noticed grocery prices are soaring, or your usual go-to pack of chips is shrinking in size—all thanks to massive inflation. As of August 2022, the U.S. consumer price index (CPI), which measures the change in consumer prices for a specific set of goods over a period, has increased by 8.3% (year-on-year). Although it has gone down slightly from 8.6% in May, the highest it has ever been since 1981, it remains high and worrying.

Top 3 Affordable and Little-Known Smartphones to Bring Home in 2022

Top 3 Affordable and Little-Known Smartphones to Bring Home in 2022

Apple has remained at the center of the smartphone industry for years. The sleek, striking design, ever-improving chip and robust camera system of the iPhone have made it one of the most sought-after smartphones in the world. This month, Apple cemented and extended its lead in the industry by putting forward the next generation of iPhones.

5 More Business Podcasts You Need to Listen To

5 More Business Podcasts You Need to Listen To

Entrepreneurs have one thing in common—they always look for opportunities to learn and grow. To gain an understanding of running a viable business, you need to listen to the experiences of those who have emerged triumphant in the business world. A great way to do so is by tuning into a vast number of business and entrepreneurship podcasts scattered across the internet today.

5 Hobbies To Maximize Your Entrepreneurial Drive

5 Hobbies To Maximize Your Entrepreneurial Drive

Entrepreneurs are a special breed of person. They’re go-getters, risk-takers and dreamers. Yet, even the most driven entrepreneur needs to take a break from time to time. Spending every second of your day on your business is stressful, and you will lose your drive very soon. If you want to stay energetic and ready to take on new challenges at work, hobbies are what you need.

Making the Metaverse a Force for Good with the Metaverse Charity Foundation

Making the Metaverse a Force for Good with the Metaverse Charity Foundation

If you are a frequent reader of our website, you must have seen us mention The Sandbox, Decentraland and Axie Infinity. These are some of the most popular metaverses out there, and the one thing they all have in common is that they all have their origins in Asia. While Asia is home to all these metaverse projects, it suffers two main issues: the region has major rural-urban inequality as well as a significant wage difference between high-skilled and low-skilled occupations.

How Do Stores Get You to Spend More Money

How Do Stores Get You to Spend More Money?

Have you ever entered a grocery store to buy some milk but ended up with a bag full of items you didn’t even need? You’re not alone if you feel guilty for spending more money than you intended. It’s not our fault that we keep putting items in our shopping carts; we are manipulated to do so! To make sure you buy more, retailers will go all the way to carefully engineer every aspect of their store.