How to Stop Pegasus Malware
Pegasus is targeted cellphone malware by the NSO Group sold to governments.
What is Pegasus?
Pegasus is commercial spyware made by the NSO Group and sold to government clients. It targets iPhones and Android phones, and it is delivered through exploits rather than by tricking the user into installing something.
It’s regularly found on the phones of journalists, lawyers, and human rights activists.
How can you stop Pegasus?
Well, you can’t stop it per se (except choice g below). But you can reduce risk with SOME of the steps below:
a) GrapheneOS
GrapheneOS ships a hardened memory allocator (hardened_malloc) that makes heap buffer overflows and use-after-free bugs much harder to turn into a working exploit.
Buffer Overflows
A buffer overflow is when a program writes past the end of a buffer and corrupts the memory next to it. Attackers use this to leak information or to take control of the program. We covered this in our animated video on GrapheneOS, which you can find here:
https://video.simplifiedprivacy.com/why-grapheneos-is-more-secure/
DeGoogled
And this article covers the basics of DeGoogled phones:
https://simplifiedprivacy.com/degoogledphones/index.html
b) VPN for DNS
Always send your DNS through the VPN. Avoid trusting the ISP’s DNS.
DNS stands for Domain Name System and it’s how domain names (such as example.com) get matched to IP addresses. Corrupt governments can tamper with the resolver your ISP or cell carrier hands you, or with the routers in between, and redirect you to a look-alike site or an exploit server that delivers malware. Additionally, a VPN encrypts all your traffic, DNS queries included, so the ISP’s infrastructure can be treated as untrusted. Two caveats: check that your VPN app actually routes DNS inside the tunnel (a VPN that leaks DNS to the ISP resolver gives you little), and remember that you are moving trust to the VPN provider’s resolver, not removing it.
c) VoIP
Don’t use carrier SMS from cell towers; use VoIP only over WiFi.
VoIP or Voice over IP is just as good as regular phone lines. The person you’re talking to won’t even know the difference. We covered VoIP burners extensively in our review found here:
https://simplifiedprivacy.com/burners/index.html
d) External Router
Avoid a SIM card, then use an external WiFi FOSS router that you own, such as:
Home
In your home: DD-WRT or OpenWrt, optionally with an OPNsense or pfSense firewall
On the Go
Tiny on the go: Raspberry Pi with OpenWrt, or a GL.iNet travel router
You can attach a USB cellular modem to a GL.iNet router and have portable WiFi access while the phone itself stays physically isolated from the cellular modem. Then configure the router so only encrypted VPN traffic flows through it (a kill switch, so nothing leaks if the tunnel drops).
If you don’t want to go that far, an external carrier-provided hotspot is still better than a SIM inside the phone. We covered a lot of these different choices in our previous article on avoiding cell tower geolocation:
https://simplifiedprivacy.com/how-to-hide-your-location-from-cell-towers/index.html
e) How to Handle Links
Pegasus has been delivered through links sent to the target, so:
When friends send you random website links on mobile, open them with JavaScript disabled. Privacy Browser and Tor Browser on mobile both have a good toggle for this. (Or open the link on a PC instead.)
f) Avoid Tyranny Apps
WhatsApp, Facebook’s apps, iMessage, and other big tech apps
As the Intercept reports, WhatsApp is an example of an app known to have been hit by zero-click exploits from Pegasus. This is a type of attack where the user does not even have to click a link to become infected; a malicious message or call is enough. Since no amount of caution with links helps against a zero-click bug, the only real defense is to not have the vulnerable app on the phone at all. That is why it’s dangerous to use insecure big tech apps such as WhatsApp, and we instead recommend Signal, XMPP, SimpleX, and Element (Matrix). These are not immune to bugs either, so keep them updated.
If Facebook has to be used, avoid the mobile app and instead do so in a separate web browser on a PC where it can be properly isolated. (A virtual machine for Facebook can be considered for very high risk targets that need to use the site, but for the average person this is likely overkill and an isolated separate web browser is fine.)
g) Tiny PC
You could consider a tiny PC with WiFi such as a LattePanda or Raspberry Pi INSTEAD of a phone, because these have no internal cellular baseband modem (they still have WiFi and Bluetooth radios, so the rest of this list still applies). They run a regular desktop Linux distro, so you can use desktop messaging clients such as Signal Desktop. Check the CPU architecture first: Signal Desktop officially ships x86_64 Linux builds, which fits the LattePanda, for example:
lattepanda.com/lattepanda-sigma
h) Detection on Android
Check the integrity of GrapheneOS or stock Android with the Auditor attestation app:
https://attestation.app/about
This app uses hardware-backed key attestation to verify that the device is running an unmodified official GrapheneOS or stock OS build with verified boot intact, so a persistent modification of the operating system becomes detectable. It does not scan apps or memory for running spyware, so treat it as a complement to an indicator-based scan, not a replacement for one.
i) Detection on iPhone
As for iPhone, you’re better off with the Mobile Verification Toolkit (MVT) from Amnesty International (it also supports Android).
This scans a backup or filesystem dump of the device against “indicators of compromise” (IOCs) published by Amnesty International’s Security Lab and Citizen Lab. According to TechCrunch, these include things like domain names known to be part of NSO’s infrastructure. Keep in mind that it only finds known indicators, so a clean result means nothing known was present, not that the phone is definitely uninfected:
https://docs.mvt.re/en/latest/index.html
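To make the indicator-matching idea concrete, here is an added example of the kind of check MVT performs. This is not MVT’s own code and it does not read a real backup: the STIX2-style indicator bundle, the domains in it, the Safari history records and the process list are all constructed for the example, and the domain names are placeholders, not real NSO infrastructure.

```python
"""Minimal indicator-of-compromise (IOC) matcher in the style of what MVT does.

Added example, not MVT's own code. The indicator bundle, its domain names,
the history records and the process list below are all constructed.
"""
import json
import re
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# Constructed STIX2-style bundle. The domains are placeholders, not real IOCs.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "name": "pegasus-domain",
         "pattern": "[domain-name:value = 'update-checker.example']"},
        {"type": "indicator", "name": "pegasus-domain",
         "pattern": "[domain-name:value = 'cdn-cache-node.example']"},
        {"type": "indicator", "name": "pegasus-process",
         "pattern": "[process:name = 'bh']"},
    ],
})

# Constructed records of the kind a tool extracts from an iOS backup:
# browser history and a process list. Timestamps and URLs are made up.
SAFARI_HISTORY = [
    {"ts": "2024-05-01T10:03:11", "url": "https://news.example.org/article/1"},
    {"ts": "2024-05-01T10:03:12", "url": "https://a1.update-checker.example/rd?x=9"},
    {"ts": "2024-05-02T08:00:00", "url": "https://notupdate-checker.example/"},
]
PROCESSES = ["launchd", "SpringBoard", "bh", "mDNSResponder"]

# Parses simple STIX2 comparison patterns such as [domain-name:value = 'x.example'].
PATTERN_RE = re.compile(
    r"\[(?P<typ>[a-z-]+):(?P<field>[a-z_]+)\s*=\s*'(?P<value>[^']+)'\]")


def load_indicators(bundle_json: str) -> Dict[str, Set[str]]:
    """Group indicator values by STIX object type, e.g. {"domain-name": {...}}."""
    out: Dict[str, Set[str]] = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj["pattern"])
        if not m:
            continue  # unsupported pattern syntax; a real tool handles more forms
        out.setdefault(m["typ"], set()).add(m["value"].lower())
    return out


def domain_matches(host: str, bad_domains: Set[str]) -> Optional[str]:
    """Return the indicator that host equals or is a subdomain of, else None.

    Matching is done on whole DNS labels, so "notupdate-checker.example" does
    not match the indicator "update-checker.example".
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None


def check_history(history: List[dict], iocs: Dict[str, Set[str]]) -> List[dict]:
    """Flag history entries whose host matches a domain-name indicator."""
    hits = []
    for rec in history:
        host = urlsplit(rec["url"]).hostname or ""
        ioc = domain_matches(host, iocs.get("domain-name", set()))
        if ioc:
            hits.append({"ts": rec["ts"], "url": rec["url"], "ioc": ioc})
    return hits


def check_processes(procs: List[str], iocs: Dict[str, Set[str]]) -> List[str]:
    """Flag running process names that match a process indicator."""
    bad = iocs.get("process", set())
    return [p for p in procs if p.lower() in bad]


def run_scan() -> Dict[str, list]:
    """Run both checks over the constructed records and return the hits."""
    iocs = load_indicators(STIX_BUNDLE)
    return {
        "history": check_history(SAFARI_HISTORY, iocs),
        "processes": check_processes(PROCESSES, iocs),
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(run_scan())
```

Two details carry over to real use: match hostnames on whole DNS labels rather than by substring, otherwise a look-alike like `notupdate-checker.example` produces a false hit, and treat an empty result as “no known indicator found”, which is all an IOC scan can ever say.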
Conclusion
Some will think this list is extreme, but you can do only SOME of the choices depending on your situation. Also, you should consider most of these things anyway for general privacy and security. If you want help, reach out to us to schedule tech support for phones, routers, Linux PCs, or whatever else you need.
Consider subscribing to find out about new content by email, by Session messenger, via RSS feed, or follow on Nostr.
If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push