How to avoid Pegasus? There is no effective method. But there are ways to minimize the risk

Recently, a lot has been said about Pegasus, because – according to media reports – this spyware was to be used to eavesdrop on three people hostile to the authorities – prosecutor Ewa Wrzosek, lawyer Roman Giertych and politician from Civic Platform Krzysztof Brejza.

What is Pegasus?

Pegasus is advanced spyware developed by the Israeli company NSO Group Technologies founded in 2010 by former members of the Israel Intelligence Corps. The program uses the most sophisticated and previously undiscovered (so-called zero day) vulnerabilities in the victim’s phone software and tries to gain access to all possible modules and smartphone data. He does it in clothes so that the person being followed would not find out about this fact. The software certainly works on devices with iOS and Android operating systems, although there are many indications that it may or could also spy on Symbian (Nokia) smartphones and BlackBerry devices.

To infect someone else’s phone, all you need is an invisible notification, a short missed call on the WhatsApp messenger, after which the trace disappears immediately, or even taking the victim’s phone for a while or approaching her for a moment with a special device. Probably there are or were more methods, but not all of them are known. Certainly, the NSO Group is looking for new, more and more sophisticated ways to break in.

The eavesdropping possibilities with the Pegasus are almost endless. The software turns your phone into a real spy machine. It gives access to all information stored in the device’s memory (photos, videos, call history, SMSs, etc.), phone status, and allows you to turn on the microphone or camera at any time, listen in on a conversation, track the location or transmit live image and sound for 24 hours. hours a day. Without any sign that would alarm a victim of an attack. We have explained it more broadly in the following text:

Can you protect yourself from Pegasus?

There is no effective method that allows you to protect your Android or iOS smartphone from Pegasus. In order not to fall victim to the spies using the Pegasus, you would have to abandon the use of the phone altogether. Jarosław Kaczyński half-jokingly recommended in one of the interviews not to use a smartphone, but a simple traditional mobile phone from years ago. In fact, Pegasus will not attack a simple device that doesn’t run on mainstream operating systems. But a traditional telephone only allows calling and texting, and these authorities can eavesdrop or preview in a much simpler and less costly way.

However, if you are using a normal Android or iOS smartphone, you can only follow a few tips that will not allow you to fully protect yourself from the threat, but minimize the risk of a successful attack or limit the amount of data that the Pegasus operator can get.

The first important thing to do is keep your phone software up-to-date. It is a good idea to install both the operating system and application updates right away, because they contain patches to fix holes that could potentially be used by the developers of Pegasus. An unsecured phone is easier to attack. It is also worth installing only those applications that are actually necessary in everyday work, which will reduce the number of doors that burglars can get inside.

According to some reports, an effective method to get rid of Pegasus is frequent restarting the phone. If the software is stuck in the RAM of the device, only it will wipe all data stored in RAM. If possible, it would be good to restore the phone to factory settings from time to time or load a clean operating system, but in practice such operations would be very cumbersome.

The way to minimize the start in the event of a break-in is to limit all sensitive information that we keep on the phone as much as possible. Private data – as long as we are concerned about its leakage – should be kept in an isolated place, e.g. in a portable memory, which we store in a safe place. Not in the cloud or smartphone memory.

Therefore, it is worth to regularly (as often as possible) make backups of your data on external media, and delete original photos, videos or files from the device’s memory (completely remove from memory, not only transfer to the trash). It is also better to erase the history of calls and SMS messages and minimize the telephone number base in the telephone book. This obviously won’t protect your phone from attack, but it will ensure that when the device is attacked, Pegasus operators won’t have much data to steal. In order not to be eavesdropped on, it is also worth limiting the time spent with the smartphone, e.g. locking it in another room for the duration of the meeting.

What else can help in the fight against Pegasus?

Some other tips this week were also shared by the well-known As reported, in order to make the attack more difficult, it is worth choosing one of the less popular smartphone models. Of course, it must be a relatively new device that regularly receives the latest security updates

Secondly, you must not leave your phone unattended and it is worth using encrypted messaging (eg Signal, Telegram, Viber and WhatsApp), although this will not make it 100% safe. It is also a good idea to limit the sending of messages in favor of phone calls, and to turn on the vanishing messaging feature in messengers, which makes it possible.

Trusted Third Party also states that it is not a very effective idea to change, for example, to “old Nokia”, because a simple telephone can also be eavesdropped (but in a different way), or a separate device only for calls, because the services have no major problems with locating all phones used by their victim.