During the last days the investigation “Pegasus Project”, coordinated by Forbidden Stories with the technical support of Amnesty International, has permitted to discover a wide campaign of spyware carried out by different government with the famous tool sold by the Israeli company NSO Group, by which activists, journalists, lawyers and politics have been spied since 2016.
Pegasus is a tool that has been used two years ago in order to listed conversation of users by exploiting the vulnerability of WhatsApp (and Facebook had subsequently complained NSO Group). It has been used also at the end of 2020 in order to spy journalists of Al Jazeera, by exploiting the only vulnerability of iMessage.
The Israeli company has declared a lot of times that Pegasus is useful only for tracking terrorists and criminals, but the investigation Pegasus Project carried out by 17 newspapers underlines a massive use of this tool by authoritarian governments, among which Hungary, Azerbaijan, Saudi Arabia, United Emirates and Kazakhstan. Forbidden Stories and Amnesty International have discovered a list of more than 50.000 phone numbers of “people of interests” that are potentially objectives of surveillance.
Pegasus shall be installed without the user’s acknowledge on smartphone like Android and iPhone, by exploiting the vulnerabilities of app, and access to a illimited number of data (SMS, emails, chat, photos, videos, contacts, calendar, GDS), activate the microphone and the video camera. Information are shared to hackers.
Edward Snowden, the computer scientist known for having revealed to the world the affair into mass surveillance programs in the National Security Agency (NSA), during an interview to The Guardian has warned: “if we are not doing anything in order to stop the sale of these software, purposes will not be more than 50.000 but 50 million. And this will happen soon”.
For who is fearing to be a potential target of this dangerous spying method, is not available “Mobile Verification Toolkit” (MVT), a tool implemented in a free form by researchers of Amnesty International on GitHub. It can be performed in order to analyze Android and iOS, by resulting more effectiveness with the system Apple, because iPhone are a wider target, and consequently, based on data recollected, it seems easier to identify the compromising of a device.
MTV analyses a backup of the device in trying to identify specific identificatory. At the moment it must be run on computer by command line but being an open source project it is not excluded that soon someone will add an interface so as to make its use easier and affordable for everyone. The instructions for use and the steps to follow are available on the pages of the official website of the tool.
SOURCE: FEDERPRIVACY