menu
Weekly Online Magazine
ISSN 2544-5839
zamknij
MediaHisttory Podcast image

24.01.2022 Law in media

How to Detect Pegasus on Your Phone and Protect Against Spying

RINF

The nature of spyware is to remain as hidden as possible, making it difficult to detect on a device. However, some mechanisms can help verify if a smartphone has been compromised.
Poczytaj artykuł wydanie polskie w wydaniu polskim

How to Detect Pegasus on Your Phone and Protect Against Spyingphoto: Mikhail Nilov/Pexels

Special services using Pegasus can infect phones through various mechanisms. Sometimes, SMS or iMessage messages contain a link to a website, which, when clicked, installs the malicious software on the device. Others use a "zero-click" attack, exploiting iMessage vulnerabilities in iPhones that allow infection simply by receiving a message without user interaction.

How to Check if Your Phone Has Pegasus Spyware?


- The easiest solution is to use Amnesty International’s mobile verification toolkit. This tool works on Linux or MacOS and can analyze files and configurations on a mobile device by examining a backup downloaded from the phone. However, the analysis cannot confirm if the smartphone has been hacked but only detects indicators of compromise that may indicate an infection, explains Mariusz Politowicz from Marken, a distributor of Bitdefender in Poland.


Amnesty International’s tool can detect the presence of specific software on the device and a range of domains used in the global infrastructure supporting spyware networks.

Protection Against Spyware


Unfortunately, there is currently no solution to protect against zero-click attacks, but there are relatively simple steps to minimize the risk of infection from Pegasus and other malware. The most important is to open links only from known and trusted sources.

- Pegasus is deployed on Apple devices through iMessage links. This is the same technique used by many cybercriminals for malware distribution and simpler scams. The same advice applies to links sent via email or other messaging apps - explains Mariusz Politowicz.

Devices should also be kept up to date with appropriate patches and updates. Android users should not rely on notifications about new operating system versions and should manually download the latest version, as device manufacturers may not provide updates.

Though it may seem obvious, physical access to the phone should be limited. This can be done by enabling PIN unlocking, fingerprint, or face recognition on the device. Avoid public and free Wi-Fi services (including hotels), especially when accessing sensitive information. While using such networks, the best solution is to use a VPN. Encrypting data and enabling remote wiping is also good practice. If the device is lost or stolen, data remains safe.

What is Pegasus?


Pegasus, developed by Israel’s NSO Group, is software used to spy on smartphone users. Once installed, it extracts contacts, photos, messages, allows phone call interception, captures keystrokes, and enables camera access.

In an investigative report by The Washington Post, 1,000 people in 50 countries were identified among 50,000 analyzed phone numbers as targets of Pegasus spyware. Those monitored included journalists, politicians, government officials, executives of large corporations, and human rights activists.

Why Do We Still Click on Suspicious Links?


Up to 76% of respondents who value cybersecurity could not recognize phishing attempts, according to a study by Tessian. This type of cyberattack - encouraging users to click a malicious link - remains effective. Why, despite increased public awareness about security, do people continue to click on suspicious links?

One reason is the emotional response triggered by the message (via SMS, email, or even an incoming call). Criminals craft messages to evoke fear or uncertainty in the recipient.

SELF PROMOTION. Listen to the story of FORBES magazine. Discover our #mediaHISTORY podcast

Another reason is our trust in familiar entities. Banks, streaming platforms, postal operators, or energy companies create a sense of security. We trust that the technology infrastructure in large companies is properly secured and that messages from such companies are reliable.

How to Defend Against Phishing?


Remember a few basic rules:

  • Before downloading an attachment, read the message carefully. Fake messages often contain spelling and punctuation errors,
  • verify the sender`s details. The email addresses used by scammers may differ from authentic ones by easy-to-miss details, like a typo in the domain name,
  • use antivirus software. Anti-phishing filters increase the chances of detecting a threat - whether a fake or suspicious website,
  • verify the domain before using its services. If you find yourself on a website (especially for a bank or a site offering payments), check if the SSL certificate truly belongs to it by clicking the padlock symbol in the address bar and verifying the certificate owner`s name.

It’s worth remembering that, just as on the road, in the digital world we should apply the principle of limited trust. Habitual link-clicking is a very risky behavior.

Share the article:

dodaj na Facebook prześlij przez Messenger dodaj na Twitter dodaj na LinkedIn

COMMERCIAL BREAK
Work In Media

New articles in section Law in media

Dietary supplement ads in Poland. Who keeps influencers in check?

Newseria, KFi
One in three Polish internet users considers influencer recommendations when deciding on medicines and dietary supplements. Although promotion of such products is regulated, there are still cases of advertising that skirt the law.

SEO Poisoning. Hackers Use Search Engines to Target Businesses

Piotr Rozmiarek
Search engines help us quickly find information, but they can also be used by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to place harmful websites at the top of search results.

Phishing in the Cryptocurrency Industry. Fake Recruitments Steal Data

Piotr Rozmiarek
Security researchers have detected a social engineering campaign targeting job seekers in the Web3 industry. The attack aims to conduct fake job interviews via a meeting application that installs information-stealing malware.


See articles on a similar topic:

Cyberwarfare on the Internet. The ESET Report

KF
Governments, corporations, and even the education sector are becoming targets of advanced cyber attacks. The report for the period from October 2023 to March 2024, prepared by ESET, sheds light on the intensification of activities by Advanced Persistent Threat (APT) groups, which conduct espionage, sabotage, and destabilization operations in key sectors on behalf of states.

Unsolved Journalist Murders: CPJ Report 2024

KFi
Haiti and Israel have topped the latest report by the Committee to Protect Journalists (CPJ) on impunity in journalist murders. Worldwide, 80% of cases remain unsolved. The report explores why those who kill journalists evade accountability, highlighting the countries leading this grim statistic and its impact on press freedom.

Why do People Spread Disinformation? Results of DigiPatch Research

Ewelina Krajczyńska-Wujec
People strongly driven by the need for power are more likely to share posts on social media, including disinformation. Power itself, like the need to gain prestige and recognition, is not associated with the frequency of spreading false information, according to research involving Professor Małgorzata Kossowska from the Jagiellonian University.

Illusory Security. Small and Medium Enterprises Easy Targets for Cybercrime

KF
35% of micro, small, and medium enterprises (SMEs) fear the theft of their employees' personal data. This comes from research conducted on behalf of ChronPESEL.pl and the National Debt Register of Poland.

More in the section: Law in media

Work in media

United States
New York • Washington DC • Los Angeles • Chicago • Houston • Phoenix • Philadelphia United Kingdom
London • Birmingham • Manchester • Liverpool • Glasgow • Edinburgh Canada
Toronto • Ottawa • Montreal • Calgary Australia
Sydney • Melbourne • Brisbane • canberra Ireland, New Zealand, India

advertisement

Drones. For PRO. On discount




community

Facebook LinkedIn X Twitter TikTok Instagram Threads Youtube Google News Blue Sky Social RSS

Reporterzy.info - online media studies magazine. The world of communication from the inside. Media, journalism, PR and marketing. Data, reports, analyses, advice. History and market, law, photography, job offers.



Reporter shopping

Reporter shopping

Affordable laptops, notebooks and netbooks
Affordable laptops, notebooks and netbooks
for writing
Digital SLR and compact cameras
Digital SLR and compact cameras
for photographers
Books and e-books about media
Books and e-books about media
for reading
Video drones and flying cameras
Video drones and flying cameras
for pilots
Gimbals for stabilizing video
Gimbals for stabilizing video
for those on the move
Software and apps for creative work
Software and apps for creative work
for digital creators
More occasions

follow us 👉 on Youtube
Watch more 👇
#59sec REPORT SHORTS
Read books and e-books

Read books and e-books

Okładka Understanding Media: The Extensions of Man
Understanding Media: The Extensions of Man
Okładka Media Control. The Spectacular Achievements of Propaganda
Media Control. The Spectacular Achievements of Propaganda
Okładka Social Media Marketing All-in-One For Dummies
Social Media Marketing All-in-One For Dummies
Okładka Mass Communication: Living in a Media World
Mass Communication: Living in a Media World
Okładka Beyond The Feed: A Social Media Success Formula
Beyond The Feed: A Social Media Success Formula
Okładka Trust Me, I`m Lying: Confessions of a Media Manipulator
Trust Me, I`m Lying: Confessions of a Media Manipulator
more books and e-books

Reporterzy.info

More about us

Our tools and services

Contact


© Dwornik.pl Bartłomiej Dwornik 2oo1-2o25