An insider reveals how the nasty spyware used in the WhatsApp breach lets governments secretly access everything in your smartphone, from text messages to the microphone and cameras

Getty/NurPhoto/Contributor

• WhatsApp, a Facebook-owned messaging app used by more than 1.5 billion people around the world, recently found a major security flaw, the Financial Times reported.
• The hack is reportedly as simple as receiving a WhatsApp phone call, even if you don’t pick up the call. A record of the call can even be remotely erased, the report says.
• The WhatsApp exploit enables the installation of software from the NSO Group, a secretive firm from Israel that bills itself as a leader in cyber warfare and is behind a notoriously invasive software tool called Pegasus.
• Pegasus enables users to remotely access everything in an infected smartphone, from text messages to location data — and it’s next to impossible to know if your phone was infected. 
• Visit Business Insider’s homepage for more stories.

If you’re not a cybersecurity researcher, it’s extremely difficult to know if your phone has been infected with spyware.

"The really sophisticated stuff is going to be designed to be very light touch and not be very observable by the user," John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto’s Munk School, told Business Insider. 

The University of Toronto’s Citizen Lab is an academic research group that’s credited as the first to identify a particularly malicious spying application named "Pegasus." 

Pegasus was created by the Israel-based NSO Group, a software company that sells that spyware to governments all over the world. 

If your phone is infected with Pegasus, it’s nearly impossible to know — and that’s why it was so particularly dangerous that a massive security flaw in the Facebook-owned WhatsApp messaging service, revealed this week by the Financial Times, enabled hackers to install Pegasus on target phones simply by calling them.

What happened with WhatsApp?

Reuters

On Monday, Whatsapp issued a software update to its 1.5 billion-plus users. 

The reason was simple: The update aimed to patch a massive security flaw wherein hackers could infect target phones simply by calling that phone through WhatsApp.

You didn’t need to accept the call, and records of the call could even be erased remotely after the fact — as though a burglar virtually broke into your phone, took whatever they wanted, and didn’t leave a trace.

"The way to think about this is like using WhatsApp as a vector," Scott-Railton told Business Insider. "If indeed this is NSO, their job is to find novel vectors so they can always offer their customers access to phones. And WhatsApp is just another on the list."

Simply put: The WhatsApp security flaw was a new way for hackers to infect smartphones with malicious software.

WhatsApp fixed its security hole, but not before at least one target was impacted: an unidentified, UK-based human rights lawyer.

What is Pegasus?

Bronek Kaminski/Getty Images

What Pegasus actually does is relatively simple: Once a smartphone is infected with Pegasus, the application provides direct access, remotely and discreetly, to the entirety of your smartphone. 

Everything from text messages to using your smartphone’s camera and microphone are up for grabs. The spyware was created by an Israeli company, the NSO Group, and it’s nothing new.

Pegasus was first discovered in 2016 when a man in the United Arab Emirates named Ahmed Mansoor was targeted with "suspicious text messages," Scott-Railton said.

"Those text messages actually came bearing some suspicious links," he said. "We thought they looked pretty dicey, so my colleague Bill [Marczak] borrowed a colleague’s iPhone, clicked on the links, and was able to successfully get the phone infected with what was then a mystery piece of spyware."

That "mystery" spyware was actually Pegasus, and Mansoor was being targeted — likely due to his work as a  human rights advocate. Mansoor is currently serving a 10-year prison sentence in the UAE for publicly criticizing the government.

How do you know if your phone is infected with spyware like Pegasus? If the hackers are doing their job right, it’s extremely difficult to find out.

John Gress/Reuters

If your phone is infected with spyware like Pegasus, it probably won’t start suddenly overheating or ripping through battery life. If that were the case, "then the people who did it have not done their jobs right," Scott-Railton said.

In fact, if you’re not a cybersecurity researcher, it’s nearly impossible to know. 

"It’s quite tricky because the software is of course designed to be hard to find," Scott-Railton said. "What we did in the first instance was we actually captured the network traffic going into the phone after the [link] was clicked, and that gave us the infection." 

Unless you’re monitoring the network traffic going into your smartphone, and also savvy enough to know what type of network traffic could demonstrate malicious behavior, it’s extremely unlikely you’d know that spyware like Pegasus was running on your device.

See the rest of the story at Business Insider

See Also:

• The 50 most beautiful Apple stores outside the United States
• Everything you need to know about Huawei, the Chinese tech giant accused of spying that the US just banned from doing business in America
• I went to an Apple store for a repair and was shocked by how disorganized its shopping experience has become

SEE ALSO: Meet the shadowy security firm from Israel whose technology is believed to be at the heart of the massive WhatsApp hack

Source: Business Insider – feedback@businessinsider.com (Ben Gilbert)