Tracking Pegasus

The spy program leaves traces on smartphones. Software now enables iPhone users to check their device for the surveillance tool.

Governments around the world are spying on their critics - journalists, human rights activists, opposition figures: the international "Pegasus Project" series of revelations made headlines around the world two and a half weeks ago. At the center of the research, in which the Süddeutsche Zeitung was also involved, was the Pegasus spy software from the Israeli company NSO. The program is capable of infecting smartphones from a distance. A secret service or police agency that has a Pegasus license usually only needs the phone number of a target person to attack his or her smartphone. Pegasus then turns the phone into a digital bug, taking complete control of the device. All data and all communications can be viewed, stolen and analyzed by police and intelligence officers, even encrypted chats. Even remote control of the camera and microphone is possible.

It is a widespread fear that smartphones eavesdrop on their owners, for example for advertising purposes, but security researchers have often shown this fear to be unfounded. Pegasus, however, makes exactly that possible and has thus triggered uncertainty.

Surveillance hunters have to rummage through the most private of information

The software "iMazing" now offers a way for at least iPhone users to examine their device for traces of a Pegasus infection. "iMazing" is a paid program for managing Apple devices such as iPhones and iPads, and is primarily designed to back up personal data and export chat histories from messengers such as WhatsApp. The feature to detect spyware is free, according to the company. The product from Swiss company Digi DNA works on Apple's macOS operating system and on Windows devices.

If users want to make use of the Pegasus check, they have to create a backup of their iPhone for the program or allow "iMazing" to access an existing data backup. The software then searches for traces of Pegasus in this data. These can be found in chat messages, search histories in the browser or in log files of the operating system. The software thus rummages through the most private information. The developers emphasize that no data is transferred and the analysis takes place exclusively on the user's computer. As with all software, however, users should only run programs whose developers they trust - and the more sensitive the processed data, the greater the trust must be.

IT researchers from Amnesty International have published analysis tools for free use

Security researchers have been examining every line of Pegasus code they find on activists' or journalists' smartphones for years. They also map the infrastructure of the manufacturer NSO, i.e. the servers and their IP addresses through which the spy software is downloaded. This has resulted in a worldwide exchange of known attack routes, which makes automatic tracking by programs like "iMazing" possible.

Crucial parts of the program code of "iMazing" were thus also developed by IT forensic experts at Amnesty International's "Security Lab" and published as open-source software on the net for free use as part of the Pegasus Project. Amnesty International's "Mobile Verification Toolkit" is, however, less user-friendly for anyone without basic programming knowledge. On the other hand, it also allows Android users to check their devices.
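The kind of indicator matching described above, sketched as an added example that is not code from "iMazing" or the Mobile Verification Toolkit: records extracted from a backup are searched for URLs whose host is a known infrastructure domain or a subdomain of one. The indicator domains, the record layout and all function names are assumptions made for illustration, and the sample data is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators on reserved TLDs, not real infrastructure.
INDICATOR_DOMAINS = {"bad-infra.example", "cdn.tracker.test"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_of(url):
    """Return the normalized hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 brackets
        return None
    return host.rstrip(".").lower() if host else None


def matches_indicator(host, indicators=INDICATOR_DOMAINS):
    """True if host equals an indicator or is a subdomain of one.

    Compares whole DNS labels, so 'notbad-infra.example' does not match
    'bad-infra.example' the way a plain substring search would.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))


def scan_records(records, indicators=INDICATOR_DOMAINS):
    """Return (source, host, text) for each URL that hits an indicator."""
    hits = []
    for source, text in records:
        for url in URL_RE.findall(text):
            host = host_of(url)
            if host and matches_indicator(host, indicators):
                hits.append((source, host, text))
    return hits


# Constructed records standing in for messages, browser history and logs.
SAMPLE_RECORDS = [
    ("sms", "Your parcel is waiting: https://a1.bad-infra.example/track?id=7"),
    ("safari_history", "https://www.example.org/news/article"),
    ("safari_history", "https://notbad-infra.example/login"),
    ("log", "redirect to HTTP://CDN.Tracker.TEST./x.js completed"),
]

if __name__ == "__main__":
    for source, host, text in scan_records(SAMPLE_RECORDS):
        print(f"[{source}] {host}: {text}")
```

A hit only shows that a record references a listed domain; it still has to be reviewed in context before drawing conclusions about the device.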

Despite the widespread use of the spy software, as evidenced by the Pegasus Project's research, Pegasus is not a mass-market product. Governments pay millions of dollars for a few hundred attacks. And each attack must be planned, controlled and evaluated. Nevertheless, anyone who thinks they are of great interest to a government agency with a Pegasus license can use "iMazing" to quickly and easily gain a measure of clarity. But it is also clear that companies like NSO are usually one step ahead of IT security researchers.
