Pegasus Spyware: What to know and how to protect your iPhone

The tech world has been abuzz about Pegasus spyware since a journalistic investigation revealed details about how governments are using it to spy on prominent individuals. This malicious software has targeted the smartphones of politicians, business leaders, journalists, human rights activists, and others whom global governments want to keep tabs on.

What’s more, iPhones have surprisingly been more greatly compromised than Android devices. This is concerning given Apple’s focus on privacy. Although Pegasus can infect Android devices, too, it isn’t as effective as it relies on a rooting technique that isn’t 100% reliable.

If you’re wondering how to check if your iPhone is infected with Pegasus spyware, I’ve covered it in this article, along with everything else you need to know about this surveillance technology and how to protect yourself.

What is Pegasus spyware?

Pegasus spyware was developed and sold to governments by an Israeli cyber-intelligence firm called the NSO Group. It’s been around for a few years now but has been getting more and more sophisticated. It can essentially turn any smartphone into a surveillance device.

It can monitor all your activity and record all your information, including your contacts, messages, photos and videos, internet browsing history, etc. This is transmitted to the attacker, who, in this case, is the government who wants to keep tabs on you.

Paris-based journalism nonprofit Forbidden Stories and Amnesty International obtained a leaked list of 50,000 phone numbers potentially targeted by Pegasus. From this, journalists identified more than a thousand people in 50 countries who are reportedly under surveillance. If you’ve read George Orwell’s 1984, this current reality certainly evokes the horror of the fictional world imagined by the author decades ago.

How does Pegasus infect iPhones?

So, aren’t iPhones supposed to be secure from such threats? After all, that’s an integral focus of Apple’s marketing strategy! Unfortunately, no piece of technology can be 100 percent foolproof. New types of malware and attacks are continually being developed to target specific vulnerabilities in consumer software and hardware.

In this case, it seems that Pegasus has been specifically developed to compromise iOS because the high-profile individuals it targets are more likely to own iPhones than Androids.

It infects a device through a website link sent on iMessage. When the unsuspecting recipient clicks the link, the malware is deployed and compromises the device. It takes advantage of a vulnerability in iMessage on iOS 14.6 that has since been patched with Apple’s recent release of OS 14.7.1.

Should you be worried?

Pegasus is a particularly nightmarish malware that can monitor everything you do on your iPhone. However, reports have revealed that governments have explicitly used it to spy on individuals of interest to them, such as journalists, politicians, activists, and chief executives.

It’s unlikely that this spyware has been used to monitor anyone who isn’t politically active or publicly prominent. Therefore, most of us don’t need to panic that our devices are compromised.

Nonetheless, it’s best to exercise caution. There are ways to check if your iPhone is being monitored and some general tips to avoid falling victim to Pegasus and other kinds of malware. These are discussed below.

How to detect Pegasus Spyware on iPhone

The Amnesty International Mobile Verification Toolkit (MVT) provides a relatively easy way to check if your device is affected by Pegasus. This tool can run under either macOS or Linux to analyze a backup taken from the phone. It does not expressly confirm the presence of Pegasus spyware, but it detects indicators that might point to a compromised device.

However, although the MVT comes with instructions, it takes some level of technical knowledge to run since it’s command-line or terminal based. The Verge has provided a detailed guide.

How to protect your iPhone from Pegasus

Although most of us are unlikely to be targeted by this type of attack, there are still steps you can take to minimize the risk of potential exposure to Pegasus and other malware. Here are some top tips:

1. Never open links that seem suspicious or are sent by unknown sources. Pegasus and other malware are deployed through links sent in iMessage, email, or other messaging apps.
2. Keep your iPhone updated with the latest iOS version. Apple often releases security patches and other upgrades that bolster your phone’s defense.
3. Make use of the security features built into your phone to restrict others from gaining physical access to it. For instance, enable the security code, Face ID, or Touch ID. Don’t leave your phone unattended in public spaces. Similarly, set up Find My and the Remote Wipe feature so that you can secure your data if your device gets lost or stolen.
4. Resist the temptation to connect to public or free wifi networks such as those found in cafes, airports, hotels, etc. If you must use these, ensure you use a good VPN to secure your connection. This will ward off hackers looking for easy targets to disseminate cyber attacks.

Cyberthreats like Pegasus spyware are unpredictable and constantly evolving. So, the best you can do is take the necessary precautions and stay informed. Share this information with others too. After all, if we’re savvy enough to use technology, we’ve got to be savvy enough of the security risks too!