"It’s not paranoia if they really are out to get you.” For Ahmed Mansour, a human rights activist hailing from the UAE, those are words to live by; after all, speaking out on inconvenient issues in a country which frowns upon such expression, is a perilous vocation at best and a deadly one at worst. So when Mansour receives a message on his phone with an attached link, he doesn’t click on it even if it promises him the greatest cat videos of all time. Instead of clicking, he sent the messages to cybersecurity firm Citizen’s Lab which sent them forward to another cybersecurity firm called Lookout for investigation.
What they found was a form of spyware they had not yet seen, despite the fact that their entire job is to root out and counter such malicious tools. In the words of Lookout, it carries out “the most sophisticated attack they’d ever seen”. How sophisticated? For one thing, this spyware was designed for phones using Apple’s iOs software, which was previously considered incredibly secure (it is also now available for Android).
Once installed, the spyware ensures total surveillance by installing modules that allow the end user to listen to all calls, take screenshots, read all messages and emails, scan contact lists, photo galleries and browser histories. It can even turn on your phone’s microphone at will, essentially turning your phone into a surveillance device. If you think that your messages are safe because you use encrypted apps like WhatsApp and Signal then consider that Pegasus is capable of logging keystrokes, and thus can read what you’re typing before it is encrypted. And the best part is that it leaves no trace of its existence; even the most skilled cybersecurity experts won’t be able to locate it unless they know exactly what they are looking for.
Developed by the Israeli company NSO technologies, Pegasus is a commercial product available for sale to interested bidders, and there is no shortage of those. An investigation by Citizen’s Lab revealed that Pegasus has been detected in at least 45 countries, many of which are notorious for human rights abuses and the suppression of even the most innocuous acts of dissent. While the Mansour case took place in 2016, Pegasus is back in the news thanks to a lawsuit filed against NSO by Saudi dissident Omar Abdulaziz who claims that it was this software, obtained by the Saudis and surreptitiously installed on Jamal Khashoggi’s phone that allowed the Saudi government to monitor his communications.
Why phones are being targeted for spyware is of course obvious: these little devices know more about us than our family and friends do, and if Big Brother gets into these then well, our lives are literally in their hands.
Sometimes it’s not even necessary to get into the phones, as the apps we like to use are sufficient to glean information from. Take the fitness app Strava which inadvertently gave away the locations of US military bases in Afghanistan and even — thanks to the military personnel using it — allowed other users to actually track movements around the base. While the rest of the world was hunting virtual creatures on Pokemon Go! several militaries around the world banned its use.
But now we have smart TVs, refrigerators and (believe it or not) salt shakers. All these are part of what we like to call “the internet of things”, and each one of them is a potential surveillance device. Smart water meters may be efficient for the user, but they also can let hackers know exactly when you flush your toilet. As for those voice assistants we love to use, how can Alexa hear you say “hello” if it’s not always listening? And how hard would it be then for others to listen in? At which point does our convenience end up compromising us?
By arrangement with Dawn...