Paul Haskell-Dowland and Roberto Musotto from Edith Cowan U

spyware and how to find out if your phone is infected.

A version of this article was originally published by The Convers

A major journalistic investigation has found evidence of spyware

by governments around the world, including allegations of spyin

From a list of more 50,000 phone numbers, journalists identified

reportedly under surveillance using the Pegasus spyware. The so
company NSO Group and sold to government clients. [NSO Gro
government clients around the world from using its technology a

Among the reported targets of the spyware are journalists, politic

and human rights activists.

Reports thus far allude to a surveillance effort reminiscent of an O

can capture keystrokes, intercept communications, track the devi
spy on the user.

How does Pegasus spyware infect phones

The Pegasus spyware can infect the phones of victims through a
may involve an SMS or iMessage that provides a link to a websit
software, or malware, that compromises the device.

Others use the more concerning ‘zero-click’ attack where vulnera

allows for infection by simply receiving a message, and no user i
Apple devices are generally considered more secure than their A
device is 100pc secure.

Apple applies a high level of control to the code of its operating s

app store. This creates a closed system often referred to as ‘secur
complete control over when updates are rolled out, which are the

Apple devices are frequently updated to the latest iOS version vi

improve security and also increases the value of finding a workab
the new one will be used on a large proportion of devices globall

On the other hand, Android devices are based on open-source co

the operating system to add additional features or optimise perfor
Android devices running a variety of versions – inevitably resulti
(which is advantageous for cybercriminals).

Ultimately, both platforms are vulnerable to compromise. The ke

While developing an iOS malware tool requires greater investme
devices running an identical environment means there is a greate

While many Android devices will likely be vulnerable to compro

makes it more difficult to deploy a single malicious tool to a wid

How can I tell if Pegasus spyware is on m

While the leak of more than 50,000 allegedly monitored phone n
Pegasus spyware has been used to monitor anyone who isn’t pub

It is in the very nature of spyware to remain covert and undetecte

mechanisms in place to show whether your device has been comp

The (relatively) easy way to determine this is to use the Amnesty

This tool can run under either Linux or MacOS and can examine
device by analysing a back-up taken from the phone.
Although it may sound obvious, you should limit physical access
fingerprint or facial recognition unlocking on the device.

Also, avoid public and free Wi-Fi services (including hotels), esp
information. The use of a VPN is a good solution when you need

Finally, encrypt your device data and enable remote-wipe feature

stolen, you will have some reassurance your data can remain safe

By Paul Haskell-Dowland and Roberto Musotto

Associate professor Paul Haskell-Dowland is associate dean of c

University (ECU) in Perth, Australia. He has more than 20 years
education in both the UK and Australia. Roberto Musotto is a qu
with expertise in both the commercial and cyber aspects of seriou