NSO's Pegasus: How to know you're being tracked - and how to stop it
NSO's Pegasus: How to know you're being tracked - and how to stop it
Do you think your phone is being targeted? These signs could help determine if you've been hacked and what you can do about it.
By YINON BEN SHUSHAN/WALLA
Published: FEBRUARY 8, 2022 19:00 Updated: FEBRUARY 8, 2022 21:35
The investigation into the Israel Police's alleged misuse of NSO's Pegasus spyware has revealed the extent of the widespread use of the software against senior officials in the public and private sectors.
Are you concerned for your privacy? This is how you can know if you're being tracked – and how to protect yourself.
How does NSO's Pegasus work?
The spyware carries out an action that, if someone without permission to do so activated it, would be considered a criminal act and a violation of law. It is an "offensive cyber" software; it does not perform defensive actions, but rather offensive ones which are intended to compromise the existing defenses of devices and operating systems.
Pegasus exploits a number of vulnerabilities in the software - but mostly so-called "zero-day vulnerabilities." These vulnerabilities have been given this name because they are loopholes in the software and operating systems of our devices that have not yet been discovered (hence the "zero-day") and have not been closed off by the companies producing the equipment or operating systems like Android by Google. It usually takes some time before these vulnerabilities are discovered and sealed.
How do you know if your phone has been hacked?
One of the common tactics for hacking a victim's device is phishing messages and spam that contain malicious links or attachments. If the victim clicks on the attachment or link (which leads to the download of malware to the device), this malware allows hackers to commit their crimes.
"The most common signs that show that a device has been hacked are faster-than-normal battery drainage, sudden increases of internet usage unrelated to browsing habits by the user of the device, GPS and internet options turning on and off independently, randomly displayed advertisements, or unfamiliar apps installed without your permission," said information security company ESET's damage investigator Lucas Stepenko.
Another sign of a potential hack is an abnormal change in the behavior of apps that previously worked normally, such as the opening or closing of an app, crashes or unexpected errors.
Not only does this affect apps but also the device itself, causing the operating system to behave strangely, according to Stepenko.
If you or one of your contacts are receiving weird calls or messages, or your call or message history includes records you are not familiar with, it is a possible sign that there may be malware on your device trying to make calls or send messages to international premium phone numbers.
Lest we forget, of course, one of the most obvious signs: If your Android is damaged by ransomware, you may just be locked out of the phone altogether.
Update your device system and don't download
files from unknown sources
Tom Malka, a cyber-threat intelligence researcher, said that "in order to stay as safe as possible, I would, first of all, recommend continuing to update the smartphone system frequently. These updates contain security updates that close off potential security vulnerabilities once they have been revealed."
Did you receive a suspicious message with a malicious link to download an app? Do not rush to click it.
"Remember that oftentimes, 'free' is expensive and if the temptation calls for you to download apps outside of the app store, the exposure to risk increases," Malka added. "It is important to be careful not to fall into a clickbait trap out of fear of spyware in particular, malware in general and of course a waste of time."
"Most exploitations are carried out through vulnerabilities in existing apps that are downloaded broadly or are default apps on the devices, such as iMessage in the case of NSO's spyware," said Kayran CEO Sahar Avitan. "It is therefore crucial to update one's device, which will make it difficult to carry out malicious operations on devices in contrast to outdated systems that have not been updated."
Force restart your device daily
A study by Amnesty and Citizen Lab showed that Pegasus and similar software rely on zero-day vulnerabilities and do not need the user to click on a message or link, but they have no resistance against a device restart, meaning a forced shutdown of the device by pressing the power and volume buttons at the same time.
Frequent rebooting helps "clean" the device of malware. If, for example, the device is rebooted daily, the attackers are then forced to infect the device once more with the software. This also increases the likelihood that it will eventually be identified by the security solutions built into the device.
Use a VPN
This is an action that makes it difficult for attackers to segment users based on their internet traffic. "It's important to remember that in 2022, the subject of our privacy is thrown into doubt," said May Brooks-Kempler, a cyber expert and co-founder of the Safe Online community on Facebook. "We search on Google, we open profiles on dating websites, we update our social networks, etc. Remember that everything that goes online stays online.
"To protect your privacy and anonymity in the current reality, it is important to enable privacy settings on networks, delete cookies, use anonymous or incognito browsers, and in some cases VPNs," she added. "The most important thing is to think before you post."
She added that it's important to go with paid VPNs and not free ones.
My phone was hacked. How can I fix it?
Once you have discovered that your phone was infected with malware, you should not throw it away rather it is better to identify the culprit and get rid of them.
For example, in the case of unwanted and annoying pop-up advertisements, you can identify which app is responsible for them by opening the "Recently opened apps" menu and long-clicking on the app icon.
According to ESET, while version 9 of Android and the versions before it allowed malicious apps to hide their icons, this option was blocked starting with version 10 of the operating system. This vulnerability has previously allowed hackers to impersonate other apps or try to hide themselves by using a transparent icon and a blank name.
"If you have used an iOS-based device so far, switch to an Android or vice versa," said Kaspersky Cyber Security Solutions. "This may confuse the attackers and delay the rest of the attack for a while."
The company also recommends getting a backup device for secure communication: for example, a device that runs on the GrapheneOS – an Android system based on a rugged security system – would be a good choice.