3 Steps for Protecting Yourself from Pegasus Spyware

Pegasus, spyware that takes over your phone, turning it into a surveillance device, first appeared in the Middle East last summer and is making headlines again, this time throughout Latin America.

How Pegasus Allows Other to Turn your Phone into a Mobile Surveillance Device

Pegasus is spyware developed by NSO Group in Israel, and when downloaded and installed on a device, it turns the device into a mobile surveillance device, monitoring every detail of a person’s cellular phone including calls, texts, emails, contacts and calendars.

Pegasus spyware is sent through a text message containing a provocative message along with a link. Some recent examples of these messages include requesting help locating a missing child, an alert to a suspicious charge on a credit card, and warnings of imprisonment. As soon as the user clicks on the link, the software is downloaded and installed on the device stealthily so that the user is unaware of the software. Once installed, Pegasus jailbreaks the target device, and turns it into a mobile surveillance device; enabling interception of all activity on the phone.

How to Secure your Device from Pegasus

There are several means of securing your device from Pegasus, starting from developing good technology practices.

Always update your operating system to the latest version. Apple and Google regularly release updates which include security patches for vulnerabilities and malware. Both Apple and Google have released fixes for Pegasus. Apple released a patched version of iOS (starting from iOS 9.3.5) and Google has put in place specific controls to mitigate Pegasus on most Android OS’s (starting April 2017).
Pegasus spyware (as well as all sorts of other malware) infiltrates phones by way of the phone user clicking a link in a text message, email, Twitter post, or any other means. When receiving any message with a link, make sure you are familiar with the person sending the link and actually verify that the message along with the link is coming from the person you believe has sent it. Note that a determined attacker will very carefully craft a message to make it appear as though it is from someone you know, and will be regarding a topic of interest to both of you!
While the first two recommended practices should protect you from Pegasus (at least until the next version is released), it is critical to maintain secure communications including calls and messages that are not vulnerable to Pegasus and other malware. Secure calls and messages will insure you can communicate securely even when spyware infiltrates your phone and you are “under mobile surveillance.”

Secure Calls and Messages in the Event you are Victim to Pegasus Spyware

TrustCall provides secure calls and messages; ensuring only the initiator and recipient can listen to the conversation or read the text message. KoolSpan has partnered with Trustonic to enable TrustCall to automatically detect jailbreaking or rooting of a device (in the case of Pegasus or other malware) and in the event of a jailbreak it shuts down TrustCall, informing both the user and the TrustCall Administrator. This will ensure complete protection from malware, including Pegasus. The integration is currently in development and will be available in upcoming releases of TrustCall.

Want to be in the loop for future releases and exciting new features and updates? Sign up for our newsletter and we’ll make sure to include you!

Alessandro Ossoli

Alessandro Ossoli serves as KoolSpan’s VP of Product Management and System Engineering. Alessandro has over 15 years of experience in security and cryptographic solutions applied to mobile communication services within carriers, enterprises, and public institutions. His responsibility is to ensure KoolSpan’s products maintain the highest levels of security according to evolving market requirements, as well as supporting customers on all technical requirements. Alessandro is based in Italy.