Project Pegasus: Here’s everything you need to know (and unknow)

As we use our phones to perform most of the tasks online, our privacy and data are at risk. The latest headlining story when it comes to phone privacy and usage is Project Pegasus. The idea has been around for a while, but the most recent month has seen a sharp rise in the popularity of the term globally.

For the record, this is not Pegasus Technologies, the Ugandan mobile money payments aggregator and solutions provider. No, it is not. Many unscrupulous and naive citizens have pointed fingers at the company over the entire ‘Project Pegasus’ saga.

That said, let’s find out what the project is all about!

Read About: Digital safetea: A fun new way to learn about online safety

What is Project Pegasus?

To begin with, Pegasus is a hacking software – or spyware – that is developed, marketed, and licensed to governments around the world by Israeli company NSO Group. It has the capability to infect billions of phones running either iOS or Android operating systems.

Project Pegasus thus is data involving a list of phone numbers that are believed to have been selected as those of people of interest by the clients of NSO Group. The data, which includes at least 50,000 contacts, also contains the time and date that these numbers were selected or entered into a system. 

At least 10 governments believed to be NSO customers who were entering numbers into a system include Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE).

Read About: A summary of the Africa cybersecurity report 2019/2020

How does Pegasus hack into your phone?

The spyware’s infections can be achieved through zero-click attacks, which do not require any interaction from the phone’s owner in order to succeed. These will often exploit flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.

Pegasus can be installed on a phone through vulnerabilities in common apps, or by tricking a target into clicking a malicious link. It can also be installed over a wireless transceiver located near a target or simply manually installed if an agent can steal the target’s phone.

Once installed, Pegasus can theoretically harvest any data from the device and transmit it back to the attacker. This includes SMS messages, address books, call history, calendars, emails, and internet browsing histories. When a phone is compromised, it’s done in such a way that allows the attacker to obtain so-called root privileges, or administrative privileges, on the device.

Read About: A glitch in Zoom’s screen sharing feature raises security concerns

How to check if your phone has been hacked

To keep your privacy protected you must always keep a check on your phone’s behaviour. You can protect your phone from hacking by being mindful of various applications and activities on your device. Here are some tips!

If you see inappropriate or X-rated advertisements pop-ups on your mobile phone, it could suggest that your phone has been compromised. In case there are unknown calls and messages initiated from your phone, it could indicate that your device has been hacked.

If your data bill is higher than usual without you increasing your online activities, it is likely that your phone is hacked and the fraudster is using your phone’s data to run apps in the background. Or if the battery life of your phone decreases at an alarming rate, you must take note.

In the event that your phone shows sluggish performance like crashing apps, freezing of the screen, and unexpected restarts, it is a sign of a hacked device. Also, if you notice any unrecognized applications downloaded on your device, it could be the work of a hacker.

If there are unusual activities on your social media or email accounts that are connected to your phone, it could mean that a hacker has gained access to the device and it could lead to identity theft. Similarly, if you stop receiving calls or messages, the hacker must have got your SIM card cloned from the service provider.

Read About: The NITA-U cybersecurity campaign unveils website with tips to avoid cyber attacks

Stay on top - Get the daily news in your inbox