Pegasus is spyware that came into the spotlight after revelations about its deployment against journalists, activists, and politicians. It was originally intended to fight terrorism and serious crime, but it has been dogged by controversy over abuse. We looked at how it works, how it spreads, and what can be done about it.
What Pegasus is and why people are talking about it
Pegasus was developed by the Israeli company NSO Group, founded by former military intelligence officers. Officially, it is sold only to governments and intelligence agencies for the purpose of investigating crime and terrorism. It gained global attention in 2021 after revelations by a journalistic consortium about surveillance of civil society activists, politicians, and journalists, though the first public mentions date back to 2016. In Europe, it sparked scandal and suspicions of misuse to harass the opposition and dissidents.
The price is not publicly known, but estimates have appeared in the media: monitoring ten phones may cost roughly a million dollars, and for hundreds of devices the sums are multiples of that. NSO states that it can revoke licenses in case of violations of agreed rules. The debate thus balances between the declared public interest and the risk of it being turned against legitimate targets. This is why Pegasus has become a symbol of the dispute over the boundaries of security and privacy.
How it infects and what it can do
Pegasus exploits vulnerabilities in iOS and Android and can get onto a device in several ways. One is a link sent via SMS or chat that, when clicked, exploits a flaw in the system; this is how activist Ahmed Mansoor was deliberately targeted in 2016. In 2019 the vector was a flaw in the WhatsApp application, where even a missed call sufficed, and in 2021 further bugs in iMessage were exploited. Some attacks are "zero-click," that is, they require no interaction from the victim.
Once Pegasus is on the device, the operator of the tool has access to its data, often more broadly than the regular user does. Collection takes place immediately after installation (existing SMS, emails, photos), passively as new messages and calls arrive, and also actively, for example by requesting GPS location or turning on the microphone. Communication between the phone and the operator is routed through an anonymizing network with numerous intermediary nodes around the world to cover its tracks. Rules and alerts are also available to the operator, triggered for example by entering a location or contacting a specific person.
Can it be detected and how to protect yourself
Direct detection of Pegasus on a phone by ordinary means is not considered realistic today. Apple notifies users if it detects signs of a targeted attack, and forensic analysis with tools such as MVT is also possible, although it comes only after the fact. We usually learn about new vulnerabilities only after they are disclosed, so caution and regular updates are important. Complete certainty does not exist, but the risk can be reduced.
On the prevention side, enhanced protection modes help by limiting potentially dangerous features. On Samsung devices this includes, for example, Auto Blocker, which blocks suspicious attachments and installations, and on iPhones, Lockdown Mode, which significantly restricts communication and browsing. The price of higher security is less convenience and fewer features. For most people the rule is: update, don't click on unknown links, and handle sensitive matters with the understanding that a smartphone is not an impregnable safe.