As Pegasus steals everything, both ongoing calls, video and GPS position, as well as contacts, stored files, photos, web history, conversations, texts, etc., even those you communicate with, will be revealed. Taken together, this makes Pegasus a terrible weapon against dissidents and journalists and their colleagues around the world.

1 No Reason to Give Up

The threat seems to be all-encompassing. Everyone is threatened by espionage nowadays. Why should one even try to fight back?

Of course you should. It is possible to protect yourself against new attacks if you only take basic measures and uphold proper IT sanitation.

Pegasus does not differ all that much from previous spy apps.

2 Zero-Click Attacks

Pegasus is “zero-click” and can infect through sensitive apps without the user doing anything. Sensitive apps include Photos, Apple Music and iMessage.

How does it happen? Many apps found in the various app stores are either created to be Trojan horses directly, or have such poor protection (backdoors) that they act as revolving doors for cybercriminals. There are also an incredible amount of lookalike-apps that look almost the same as the most popular ones, but are malicious. For example, there are hundreds of weather forecasting apps, many of which are malicious from the outset and disclose your user information to the manufacturer, who then sells it to the highest bidder.

According to media, it may seem as if only Apple phones are infected, but Android phones are just as vulnerable.

What should you do to reduce the threat?

• Reduce the attack area. Minimise the amount of apps on the phone. Erase the ones you rarely use.
• Update operating systems and apps regularly, as updates are intended to close security holes.
• But if you are infected, it is not enough to just update the operating system. It does not make the Trojan disappear.
• Protect your work phone by having it unreachable and switched off when not in use.

A technologically advanced person may investigate where the phone is secretly sending data, by connecting the phone to one’s own wireless network and examining the data traffic in the router.

If you are at risk of being of interest to a country’s security service, it’s time to start watching what you do with the phone.

Well, this will soon apply to anyone who surfs the Internet, who does not want to spread their personal data around or disclose too much to advertising companies.

• Do not click on everything that flashes on the Internet.
• Links can be tricky and hide jumps to malicious sites. If you are going to a site you trust, type the address by hand, do not click on a link. Avoid sites you do not trust.
• If the link seems to be an abbreviated variant (common on social media), do not accept it.
• If you know that the site you are going to, uses https://, you must type it at the beginning of the URL, otherwise the browser could be redirected to an unprotected scam site.
• Bookmark your known, secure sites and use those bookmarks, not links.
• Ignore texts and other messages requesting you to click on links. If the request comes from someone you know, call them before you click, and verify that their account has not been hacked.
• Ignore messages from people you are not well acquainted with on Instagram, Telegram, Tiktok, Facebook and other social media.
• Delete spam and emails from strangers. Do not click on links.
• Do not let anyone else use your phone.
• Save passwords, but delete cookies. Often! https://www.hidden24.co.uk/cookies-and-how-to-get-rid-of-them/
• Just because your friends think an app seems fun or useful, you should not download it: https://www.hidden24.co.uk/apps-that-leak/
• Follow general advice for the safe use of mobile phones.

5 Especially for Those who are Politically Exposed: Two Phones

Use two phones.

Have one for serious jobs, on which you do not do general surfing. Factory reset the phone before you start using it. Feel free to use a non-standard browser that is less likely to become infected. Keep your phone up to date with the latest software updates. Switch off the phone when not in use.

• If you suspect infection, hand over the phone for forensic examination to, for example, Reporters without Borders. In such case, do not factory reset it!

“HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries” An excellent compilation by four researchers at the University of Toronto’s Citizen Lab, showing all the different Pegasus operators, where they are, their purposes and the countries and areas they monitor.

If your situation is very sensitive, you should change your phone often. How about an old phone that can’t run apps? One that can not connect to the Internet? They still exist. Surf the Internet on a computer instead. Make your notes in a paper notebook.

Sure, this is harder, but you should regard it as if you’re more or less at war. A signal reconnaissance war that could turn into something more serious.

• If you have higher security requirements, like if you work for the government or a municipality, consider an encrypted telephone, which uses secure zones: https://www.hidden24.co.uk/what-is-a-secure-mobile-phone/

You can use the other phone to surf as usual, and open unknown links, but remember that if it gets infected, it can be used to spy on you. Switch off the phone when not in use.

Do not surf the Internet in cafes, train stations and the like, because you may be redirected to a malicious site. Just how easily that might happen, you can read here: https://www.hidden24.co.uk/snooping-on-wifi-is-easier-than-you-think/

6 Hidden24 Recommends

Regard this article as a recommendation from Hidden24. A VPN tunnel does not help your phone in this case, because it is not internet espionage. The tunnel only serves to give Pegasus an encrypted way out on the Internet, to no avail.

If you surf the Internet on a computer instead, Hidden24 provides good protection.

Do not surf the Internet in cafes, train stations and the like, because you may be redirected to a malicious site.

7 Read More

• Wikipedia on Pegasus: https://en.wikipedia.org/wiki/Pegasus_(spyware)
• A very accurate technical description of how Pegasus works: https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf
• “HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries” An excellent compilation by four researchers at the University of Toronto’s Citizen Lab, showing all the different Pegasus operators, where they are, their purposes and the countries and areas they monitor, as well as the methods used to detect the operators. The researchers also report their communication with NSO, which of course has no idea at all about what the researchers are talking about. Download the PDF from Researchgate: https://www.researchgate.net/publication/327752350_HIDE_AND_SEEK_Tracking_NSO_Group’s_Pegasus_Spyware_to_Operations_in_45_Countries
• Amnesty International too, has investigated how Pegasus spreads, suspicious addresses on the Internet, easily infected Apple apps, how Pegausus tries to hide in the phone and how it sometimes fails. In section 9.5 there is a list of servers that Pegasus communicates with, which are used to redirect your browser to a malicious site, which you can investigate. But remember that these addresses are constantly changing and may no longer be relevant. You will find China, as well as California and Iceland. This survey is, more or less, up-to-date for the year 2021: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
• Search page where you can find the vulnerable people on the Pegasus list: https://cdn.occrp.org/projects/project-p/#/
• Yet another news item: https://www.theallineed.com/technology/20210719/pegasus-50000-people-hacked-including-many-journalists-and-opponents/
• All technical questions and answers can be found here: https://www.lookout.com/search#q=pegasus+exploits

You can use the other phone to surf as usual, and open unknown links, but remember that if it gets infected, it can be used to spy on you.