Since the inception of this blog, the goal has been to discuss most relevant Cybersecurity/Privacy related topics in a way that an everyday internet user will understand. This month we are going to look at another such topic that made big headlines last week- Pegasus Spyware. What exactly is a spyware? How does it work and should you be really concerned about it? Let’s jump right into it and find out more
What is Spyware?
Spyware is a type of software or an app on your computer or phone whose goal is to collect as much information about the activities that you perform on that device.
This can be achieved a variety of ways. The software can simply monitor the websites or the apps that you visit and collect all the information about your activity which may include, how many times you viewed a certain website, what pages were you most interested in etc. Or it can activate your microphone and listen to all your conversations. It may intercept and/or record calls made through the phone. It can use something called a key logger, which will capture all the information you typed on your keyboard including your passwords.
The simplest way to think about it is to imagine someone else having full control of your device and all the information on it without you knowing about it.
How does it work?
This piece of software is sitting on a device and collecting everything it can, and what does it do with all this information that it collects? The person or an organization that designed this piece of software have already decided what they want their application to do and it will do exactly that. For example, in case of the Pegasus Spyware, it made requests to websites controlled by NSO group (an organization who is believed to have developed Pegasus). What it means is that whatever data the application has collected, it tries to send that data to its controller. The controller can be an individual or an organization which then gets all your confidential information.
If you are technically savvy and are interested in reading the detailed technical analysis of Pegasus by Amnesty International, you can do so here
Apart from data collection, another big goal for Spyware is to avoid detection either by the user of the device or by an antivirus software running on it. In order to do so, Spyware tries to mask itself as a part of existing legitimate software on the device (either the operating system or another software).
How does it get on your device?
There are various ways in which Spyware can get on your devices but the most common way is through links to malicious websites. An attacker who wants to install Spyware on your phone can send you a website link in an email/SMS and get you to click on it which in turn installs the software on your phone without your knowledge.
Another popular way to get on your devices is through some weakness in existing software on the device. Consider a scenario where you are trying to install Facebook application on your phone. The Android operating system on your phone asks you whether you want to install the application and does so only after you respond yes to a prompt that is displayed to you on the screen. Imagine if there was a way to tell Android to install Facebook without you clicking on the yes button. That would essentially be a weakness in the Android operating system which the attackers can take advantage of to install Spyware on your system without your consent.
How do you know it is installed on your phone?
Like perviously described, one of the characteristics of Spyware is to stay hidden and avoid detection. That makes it challenging to determine if it is on your device. But some of the signs you can look at which will tell you that something might be off
Increase in data usage
This is probably one of the major signs. If the malicious app needs to ship off all of your data over the internet, it is going to significantly increase your data usage. Keeping tabs on your data usage patterns can help you detect any anomalies.
Sudden battery drain
This application running in the background collecting data at all times will likely take a toll on your device’s battery, making it another good indicator to look for.
Any other abnormal behavior like slowness, random shutdowns
The unwanted app on your phone or other device can make them really slow because these applications tend to use a ton of memory on the device. It is also possible that the app does not work as intended which may lead to your phone randomly restarting
It is important to keep in mind that these symptoms can be a sign of some other problem too and does not necessarily mean your device is infected with Spyware.
How do I get rid of it if I suspect it is on my device?
Erase hard drive on your device/Factory reset your phone
Erasing storage, apps, programs on your device (often times referred to as formatting the device) is possibly the only surefire way to get rid of such software. Make sure you do not restore any apps or programs that were previously running on the device from a saved state.
How do I prevent Spyware from getting on my devices?
Install software only from official sources
Try not to install third party apps downloaded from anywhere on the internet. Install apps only from Android Play Store/App store for iPhone that are published by the authorized publishers.
Enable Two factor authentication on all your accounts
Even if the Spyware gets all your passwords, they won’t be able to login without the second factor authentication. More information about 2FA in one of my previous posts
Always lock your device
Do not leave your device unattended in public places so that someone cannot install a software without you knowing about it
Be careful while clicking on any links received in emails/text messages
Some of the ways outlined in this previous post about clicking on malicious links might help you stay protected
What is the realistic threat to you?
When you read about things like Spyware, it is important to ask the question, what is the realistic threat to you as an everyday internet user. The honest answer to it is that the probability of you being targeted with a sophisticated Spyware like Pegasus is quite low. But it is also important to know that Pegasus is not the only Spyware that is out there. There are hundreds of such applications designed by individuals/companies alike. You may not be a target for Pegasus but a disgruntled ex is very likely to target you with such Spyware as access to it becomes more ubiquitous.
In conclusion, I would like to say that even if you are not a prime target of Spyware or any other threat on the internet, being aware of the threat and understanding its implications helps you defend yourself or friends/family members in the event such a thing happens to them. That’s all for this post, if you thought this article was useful, please do share it with people you care about and help them make better decisions in the digital world!