28 Jul 2021

What Entrepreneurs Should Know About The Pegasus Leaks

Startup, Venture Capital, Edward Snowden, Spyware, Pegasus

“Your Smartphone Is Worse Than A Spy”

On 18 July, The Guardian published a bombshell. Along with 16 other media organisations, the Guardian unveiled the sinister work carried out by NSO Group, an Israeli technology firm.

Over the last decade, NSO has sold “Pegasus” spyware to authoritarian regimes around the world, allowing them to take control of the phones belonging to French cabinet ministers, Emirati princesses and British academics. The sophistication of these attacks has revealed the vulnerability of our data infrastructure. The scale of these attacks is staggering.

As the dust settles, one thing is becoming clear: Spyware is slowly entering the mass market.

Entrepreneurs and innovators need to get to grips with this new security threat – and come to terms with the limits of their defences.

What is Pegasus?

Pegasus is sophisticated spyware that can conduct so-called “zero-click” attacks on Apple and Android phones. Zero click attacks require no interaction from the target (you don’t have to click on any shady links to get the virus). This means there is no reliance on human error and no way to know if you are being targeted.

Once infected, Pegasus gains full control of your phone. It can read encrypted messages (even on “secure” programs like Telegram or WhatsApp, go through your files, track your location, and even turn the microphone on to record private conversations.

In a recent interview, Edward Snowden argued that this new spyware makes your phone “worse than a spy in your pocket”. For businesses, a new front is opening in the fight against industrial espionage.

Venture Capital, Startup, Emmanuel Macron, Pegasus Leak, Tech

What Entrepreneurs need to know about the Pegasus Leaks. Image via Creative Commons by Visual Content.

Who was targeted?

A data leak, purported to come from the NSO group, listed 50,000 phone numbers that may have been targeted by clients of the firm. Those targeted include American and British citizens.

The clients asking for this access were mainly governments, but NSO has apparently also been selling its services to smaller municipal administrations and even local police departments.

What’s more, the line between state and secular is not always clear. The ruler of Dubai seems to have been using Pegasus to spy on his ex-wife and daughter, while in Mexico, the spyware has been implicated in the murder of journalists who criticised a local drug cartel.

The bottom line is that more and more people are getting their hands on military-grade spyware. And this problem is likely to get worse.

Malware (programmes that damage or disrupt systems) is already costing companies millions in ransomware attacks.  Pegasus has seriously undermined confidence in Apple and Android defences. In the future, Spyware tools are likely to see ever greater use.

How can you protect your phone?

Pegasus is sophisticated, but it is not without its weaknesses. Because the spyware does not leave any permanent mark on the phone’s hard drive, it is deleted from the system every time a phone reboots.

Emma, an IT specialist at The Guardian, revealed to us that all employees at the paper are now required to turn their phones off at 9 am and 5 pm every day. For now, trying to restart your phone every few day’s looks like a sensible precaution.

Security providers are also racing to catch up. Already, IVerify, a security app for IOS devices, has claimed that it can now detect and delete Pegasus on Apple phones.

Sometimes you won’t be able to…

There are limits to what anyone or any organisation can do. There is no sure way of preventing the next Pegasus, or even of knowing when it might emerge.

In truth, what the NSO scandal reveals is that we cannot have total confidence in digital security. Smartphones are integral to the way we live our lives, but we can no longer afford to have total faith in them.

Businesses need to take calculated risks about the use of technology. For entrepreneurs and start-ups, this means that the struggle to quickly establish secure networks and keep sensitive business off private channels has never been more pressing.

For those dealing with sensitive data, the problem is still more urgent. There is now some data that probably shouldn’t be transmitted virtually, even over encrypted channels.

There may even be some meetings you shouldn’t bring a phone to.

Are you an Entrepreneur in the Tech industry? Find out here how Floww can help you today.

Data Security
Tech Security