
Pegasus – difficult protection against the spyware

The Pegasus spyware, which can perform far-reaching actions on smartphones, has been discovered on many devices around the world, according to recent research by a journalists’ alliance. Sensitive data can fall into the wrong hands this way. The problem is that both prevention and detection of Pegasus are difficult if adequate security mechanisms are not in place. And, as our EMEA study found, this is the case in very few companies. Learn in our blog article what Pegasus is, about the risk posed by the spyware, and how you can best protect yourself.

What is Pegasus?

Pegasus is surveillance software from the Israeli NSO Group that is intended for spying on criminals. However, an international alliance of journalists recently made public that traces of the surveillance software were also discovered on smartphones of politicians, journalists, human rights activists, businessmen and their relatives.

The Pegasus software exploits unknown vulnerabilities in operating systems – zero-day exploits – and can access both Apple and Android devices. On the devices, the software can record conversations, bypass message encryption, activate the camera and detect the user’s location.

How does Pegasus get onto the devices?

The software can get onto the devices in various and constantly changing ways. These are just a few options that have been frequently observed:

  • Via an SMS message containing a link that leads to the installation of the software, e.g. a tracking message (Smishing).
  • Via a connection to a compromised network – via router or IMSI catcher (Malicious WiFi)
  • Via infected DNS servers pointing to malicious servers (Malicious DNS)
  • Via Apple system services with web integration, such as Apple Music and Apple Photos
  • For iPhones and iPads, via an iMessage that has been prepared in such a way that the software is installed without any user interaction (Zero Click).

Who is affected and how high is the risk?

The Federal Cyber Security Authority BSI assumes that this is not a mass attack, but rather a series of targeted attacks. So far, no German targets are known to have been affected by the activities.

Nevertheless, the BSI rates the threat as high. Firstly, because the current iOS and Android versions are also considered vulnerable. Secondly, because it is feared that the software will keep using new exploits in order to gain access to the devices. Consequently, the risk posed by Pegasus would not disappear even after the vulnerabilities currently in use are fixed.

How can enterprises protect themselves against Pegasus?

Both prevention and detection of Pegasus are difficult, for three reasons. The software is constantly evolving and exploiting new vulnerabilities. The zero-click approach allows the software to be installed without any user interaction, so even a vigilant user has no chance to prevent the installation. And restrictions and settings in Mobile Device Management systems are in most cases not sufficient to detect the software once it has reached the device, let alone to prevent the attack.

Mobile Threat Defense solutions, on the other hand, provide significantly higher protection and better detection of Pegasus. The manufacturers of well-known solutions have compiled more detailed information on this and Lookout will provide information on the topic in a webinar on August 3:

Microsoft Defender

https://www.microsoft.com/en-us/wdsi/threats

Additionally, we always recommend making employees aware of security issues so that they don’t click on a dubious link or use public WiFi. However, in the case of Pegasus, even a careful user can’t do anything about some attack scenarios (see the Zero Click scenario).

As a reactive measure, the Mobile Verification Toolkits provided by Amnesty International are also recommended: https://github.com/mvt-project/mvt. They help to detect infected devices – although, according to the organization, this is more difficult on Android devices than on iPhones and iPads.
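The kind of check such a toolkit automates can be illustrated with a short sketch. This is an added example, not MVT's code: it assumes indicators arrive as a STIX 2 bundle with simple `domain-name` patterns, and the bundle, domains and SMS records are constructed placeholders. It flags links in messages whose host equals an indicator domain or is a subdomain of one, without matching look-alike hosts.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle; the domains are placeholders, not real indicators.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='bad-tracker.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='cdn.evil.test']"},
]})
# Constructed SMS records (sender, text), as might be exported from a backup.
SAMPLE_SMS = [
    ("+490000001", "Parcel delayed: https://t.bad-tracker.example/p?id=7"),
    ("+490000002", "Lunch at 12? See https://menu.example.org/today"),
    ("+490000003", "Verify now http://CDN.EVIL.TEST./login"),
    ("+490000004", "Look-alike host: https://notbad-tracker.example/x"),
]
DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")
URL_PATTERN = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def load_domain_indicators(bundle_json):
    """Return the set of lower-cased domains from simple STIX domain patterns."""
    domains = set()
    for obj in json.loads(bundle_json).get("objects", []):
        match = DOMAIN_PATTERN.search(obj.get("pattern", ""))
        if obj.get("type") == "indicator" and match:
            # Normalise case and a trailing root dot so comparisons are exact.
            domains.add(match.group(1).lower().rstrip("."))
    return domains


def host_matches(host, indicators):
    """True if host equals an indicator domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole label suffixes, so "notbad-tracker.example" does not match.
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))


def flag_messages(messages, indicators):
    """Return (sender, url) pairs whose URL host matches an indicator."""
    hits = []
    for sender, text in messages:
        for url in URL_PATTERN.findall(text):
            host = urlsplit(url).hostname or ""
            if host_matches(host, indicators):
                hits.append((sender, url))
    return hits
```

A clean result from a check like this only means that none of the known indicators were found; it does not show that a device is uncompromised.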

Do you have questions?

If we can help you protect your devices and data and advise you on effective and modern security measures, please feel free to contact us!
