Pegasus: Time to focus on advanced cyber forensics
It is time to develop advanced forensics to detect such attacks and compromises, Nikhil S Mahadeshwar, co-founder, Skynet Softtech tells Y V Phani Raj in an interview.
Published Date - 25 July 2021, 06:02 PM
Hyderabad: Pegasus, an undetectable spyware developed by the NSO Group bypassed even the security of Apple and Google, which are ruling the smartphone industry today. The spyware is designed specifically in such a way that it can spy on your contacts, call logs, SMS, WhatsApp chats, photos, videos, camera, location, microphone etc., so the device is physically with you but virtually accessed by someone else. It is time to develop advanced forensics to detect such attacks and compromises, Nikhil S Mahadeshwar, co-founder, Skynet Softtech tells Y V Phani Raj in an interview. Excerpts:
Murky past
There have been instances which lead us to believe that the NSO Group has been working on developing Pegasus since 2010. They were well versed with the vulnerabilities of iOS and Android operating systems by studying them in depth. They had servers set up in multiple countries including Germany, United Kingdom, Switzerland, USA, Ukraine, Canada, France, Finland, Netherland, India, Austria, Japan, Singapore, Bulgaria, Lithuania and Bahrain out of which three servers were planted in India. Reports suggest that the NSO Group has well connected servers so that even if one server fails, they have multiple hosting providers which are present as a backup in various countries.
Inadequate traces
One of the main reasons it’s becoming difficult to detect such kinds of attacks is the use of anti-forensic techniques. Pegasus is a self-destructive spyware which leaves behind few traces which aren’t enough evidence to prove the end point of the data or its origin. It is important that we develop advanced forensics technology that focuses on detecting such types of attacks.
Device safety
You might use either iOS or Android phones but the vulnerability is present in every device. No smartphone can claim that it is 100 per cent secure and hackers always exploit the vulnerabilities from the backdoors. Securing any smartphone is a continuous process and not a one-time process. It is always safe to be equipped with solutions such as anti-hacking solutions, anti-spying solutions, anti-phishing solutions, and paid Wi-Fi security solutions which can safeguard devices.
Power play
Even before Pegasus, there was spyware available in the market which was being used for unethical purposes. While ‘money’ does seem to be a common motive behind most of the attacks, ‘power play’ as a factor can’t be ignored. Spyware is also being used to get personal and professional data so as to misuse or spoil the reputation of an individual or company.
Lessons to learn
Users should realise that vulnerabilities can be exploited in anyone’s phone and this is just a start. The data which is now collected from Pegasus attacks are now stored on different servers, which can be exploited without our knowledge. As for the mobile phone makers, they should patch the vulnerabilities and not ignore the red flags raised by independent security researchers or cyber-security firms. One of the best ways to secure our digital privacy is to invest in a robust cyber-security solution.
Now you can get handpicked stories from Telangana Today on Telegram everyday. Click the link to subscribe.
Click to follow Telangana Today Facebook page and Twitter .