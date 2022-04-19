Privacy died with the arrival of the mobile. Smartphones know practically everything about us, from the PIN of our personal bank account to the people with whom we chat or share moments. And what is worse, (almost) everything with our prior permission.

The word smartphone It is synonymous with leisure, money, organization, immediacy, work, social networks… and vulnerability. Our mobile device has also become the main way for hackers and intelligence services (governments) to access our personal and professional information. The last flagrant case of espionage was carried out by the spyware pegasus, a malware that infected the mobile phone of tens of thousands of activists, politicians, businessmen and journalists from various countries, including Spain. Experts warn: these malicious programs are increasingly complex and almost impossible to detect. This leads us to the following questions: how do you detect the undetectable? How can we protect ourselves from these types of attacks? We talked about it with the cybersecurity expert and computer forensic expert Bruno Pérez Juncà.

What is Pegasus?

Pegasus infected the mobile phones of tens of thousands of activists, politicians, businessmen and journalists from several countries, including Spain JACK GUEZ / AFP

An extensive report published this Monday in the magazine The New Yorkerwith information from an investigation by The Citizen Lab, an appendix of the University of Toronto (Canada) specialized in technology, has revealed that the mobile phones of more than 60 representatives or sympathizers of the Catalan independence movement, such as the current president of the Generalitat Pere Aragonès , were spied on by Pegasus spyware, developed by the NSO Group, and malware developed by the Israeli company Candiru.





read also

The vanguard

They are programs used by law enforcement and intelligence services to track terrorists and criminals, but have also been used to secretly spy on the phones of political rivals, activists and journalists. An “illegal” practice, which has put at the center of the controversy the methods used by governments to “control” certain influential sectors of society.

What makes the Pegasus spy program so unique?

What makes the Pegasus spy program so unique? Gorodenkoff Productions OU

Pegasus is a spy software that basically allows you to remotely control a mobile from any other device. In this way, hackers have access to all the phone’s file systems: from photos and videos to social networks and location. They can also activate the device’s camera and microphone.

Hackers take advantage of these ‘security holes’ that have not yet been detected by the creator or developers to enter the device and monitor it.”





Bruno Perez JuncaCybersecurity expert and computer forensic expert





The cybersecurity expert and computer forensic expert Bruno Pérez Juncà points out that what makes the Pegasus program special is that “the attacked person does not need to click on a link or open an SMS or an email for the hacker to access their mobile device. “. It only takes a security flaw in an app installed on the device. “Programs like Pegasus take advantage of these ‘security holes’ that the creator or developers have not yet detected to enter the device and monitor it,” says Juncà. This is known as a zero-day vulnerability.

Who are the victims of Pegasus?

In Spain, among those affected are people linked to the procés Natalia Segura / ACN

Pegasus has the ability to compromise any iPhone and Android device with ease, although unlike common cyber attacks (such as phishing or smishing), Pegasus does not infect random devices. It only attacks smartphones that belong to specific people whose activities are of interest to the government in power, since only intelligence services can use this type of program.





read also

John Manuel Garcia

In Spain, among those affected are people linked to the processAmong them are the three presidents or former presidents of the Generalitat such as Artur Mas, Joaquim Torra or Pere Aragonès, but not Carles Puigdemont; fellow MEPs Diana Riba and Toni Comín; the presidents or former presidents of the ANC, Elisenda Paluzié, and Òmnium Cultural, such as Jordi Cuixart (and his partner, the journalist Txell Bonet), Marcel Mauri; or businessmen from the pro-independence orbit such as David Madí and Xavier Vendrell.

How to know if your mobile phone is being monitored?



How to know if your mobile phone is being monitored? Getty Images/iStockphoto

Pegasus is undetectable and very difficult to track. Pérez Juncà points out that detecting this type of attack is “neither easy, nor fast, nor cheap”, although there are a series of symptoms that should put us on alert. The most common are a very high consumption of data or a certain slowdown of the device.

There are also other tools such as the Mobile Verification Toolkit (MVT), which Amnesty International launched in July 2021. As Pérez Juncà details, this “kit” detects whether you have been attacked (or not) by a program like Pegasus . “The problem is that Pegasus is also changing its conditions and infrastructure precisely to avoid this type of tool,” warns the expert.

“The MVT is like an antigen test: it is recommended to do this test, but to know if a mobile is really infected or not, we have to do a PCR”





Bruno Perez JuncaCybersecurity expert and computer forensic expert





“The Mobile Verification Toolkit (MVT) is like an antigen test: it is recommended to do this test, but to know if a mobile is really infected or not, we have to do a PCR. That is, in computer terms, we have to do a static analysis and a traffic or dynamic analysis of the phone. How? Using cybersecurity experts, and even then, it is very difficult to detect if a device is infected or not, “explains Bruno.

How to install Mobile Verification Toolkit (MVT) on iPhone?

one

Install iMazing on your macOS computer





two

Use the free trial period, which includes the Pegasus analysis





3

Connect your iPhone or iPad to the computer and authorize the connection on the mobile device.





4

Tap ‘Detect Spyware’, located on the right side of the screen.





5

Follow the instructions and wait for the app to analyze your iPhone or iPad





6

Accept the default settings.





7

Start the scan.



Bruno Pérez Juncà points out that we must take into account that the MVT is not easy to install, since it only allows you to do it if you are an iOS or Linux user, and quite advanced knowledge of computer language is obviously required.

What to do to be protected from this type of attack?

What to do to be protected from this type of attack? PEXELS

No one is safe from cyber espionage, although Pérez Juncà gives some keys to staying “safe” from this type of attack. To do this, he points in one direction: updates, “the great workhorse, the key to everything.” “It is very important to have all updates up to date, both for the operating system and applications, since they often have to do with security flaws detected by the developers or creators themselves.”

It is very important to have all the updates up to date, both for the operating system and for the applications, since they often have to do with security flaws”





Bruno Perez JuncaCybersecurity expert and computer forensic expert





It also does not hurt to take basic measures to avoid being the victim of an attack, such as only opening links from known contacts and sources; enable fingerprint or facial recognition lock on your phone; avoid public and free Wi-Fi; encrypt data on your device; and enable remote wipe functions.





read also

Antonio Javier Trujillo

Despite this, Pérez Juncà regrets that companies like NSO Group are very powerful and when it comes to money, they bring out all their heavy artillery and unfortunately, as an individual, you can do practically nothing to protect yourself. In fact, one of the big surprises for the technical managers of the investigation that this global espionage network has uncovered is that Pegasus is capable of skipping the most up-to-date version of the iPhone operating system. Pegasus sent a silent message via iMessage (Apple’s SMS).

Will the Pegasus espionage case mark a before and after?

The flagrant case of espionage through Pegasus could cause a change in the regulation in the use of this type of tools. In this sense, the expert consulted by The vanguard warns that it could have created “a precedent for intelligence agencies to review the conditions and rules of these programs.”