Paul Haskell-Dowland, Associate Professor and Associate Dean (Computing and Security) at Edith Cowan University’s School of Science, said the recent Pegasus attacks on high-profile individuals worldwide is a reminder to us all to take simple steps to avoid spyware attacks on our smartphones.
The Pegasus spyware episode saw more than 50,000 phone numbers, and 1,000 people in 50 countries reportedly under surveillance. The spyware was developed by the Israeli company NSO Group and has been sold to government clients. It can infiltrate Android devices and Apple iOS versions up to the latest release, iOS 14.6, through a zero-click iMessage vector.
Paul Haskell-Dowland said while the Pegasus spyware is a sophisticated government intelligence tool the average user is unlikely to encounter, there are many spyware and other malicious software tools ‘in the wild’. The following simple steps can help individuals minimise their exposure to a spyware attack.
1) Only open links in your email or messaging applications from known and trusted contacts when using your smartphone. Although this won’t help with Pegasus, malware targeting mobile devices are often spread via email/SMS/iMessage.
2) Make sure your device is updated with any relevant patches and upgrades.
3) Limit physical access to your phone. Do this by enabling pin, finger or face-locking on the device.
4) Avoid public and free WiFi services. The use of a VPN is a good solution when you need to use networks and access sensitive information.
5) Encrypt your device data and enable remote-wipe features where available. If your device is lost or stolen, you will have some reassurance your data can remain safe.
“It is in the very nature of spyware to remain covert and undetected on a device. Once a device is compromised, the perpetrator can deploy further software to secure remote access to the device’s data and functions including the camera and microphone. The user is likely to remain completely unaware. These simple steps can help avoid your phone being compromised,” said Haskell-Dowland.