How to mitigate your risk of being subject to Pegasus surveillance
Over 30,000 human rights activists, journalists and lawyers across the world may have been targeted using Pegasus (source: The Pegasus Project, 2021). While it's important to note that Pegasus is an expensive toolkit ($2.5 million for an Android zero-click infection chain with persistence), if a human rights defender is an important target for a country, it is likely just a matter of time and resources before this HRD's device gets infected.
Mitigation techniques
Government-grade spyware can be more difficult to detect. However, as noted in a guide on Pegasus published by Kaspersky, there are some actions you can take to mitigate the risk of being subject to such surveillance, based on current research and findings:
- Reboots: Reboot your device daily to prevent persistence from taking hold. The majority of infections have appeared to be based on zero-day exploits with little persistence and so rebooting can hamper attackers.
- Disable iMessage and FaceTime (iOS): As features enabled by default, iMessage and FaceTime are attractive avenues for exploitation. A number of new Safari and iMessage exploits have been developed in recent years.
- Use an alternative browser other than Safari or default Chrome: Some exploits do not work well on alternatives such as Firefox Focus.
- Use a trusted, paid VPN service, and install an app that warns when your device has been jailbroken. Some AV apps will perform this check.
It is also recommended that individuals who suspect a Pegasus infection make use of a secondary device, preferably running GrapheneOS, for secure communication. (source)
Countries known to have purchased and used Pegasus
- Armenia - Pegasus found on devices of political opposition
- Azerbaijan - Pegasus found on devices of journalists and activists
- Bahrain - Pegasus found on devices of activists, bloggers
- Djibouti - In 2018, the U.S. Central Intelligence Agency purchased Pegasus for the Djibouti government to conduct counter-terrorism operations (despite Djibouti's poor human rights record).
- El Salvador - Pegasus found on devices of journalists
- Germany - Pegasus is in use by German Federal Criminal Police Office (BKA)
- Hungary - Pegasus found on devices of political opposition, journalists, lawyers
- India - Pegasus found on devices of political opposition, activists
- Iraq - Pegasus found on devices of political opposition, journalists, activists
- Jordan - Pegasus found on devices of activists
- Kazakhstan - Pegasus found on devices of journalists, activists
- Mexico - Pegasus found on devices of political opposition, activists
- Morocco - Pegasus found on devices of political opposition, activists
- Netherlands - Pegasus used to spy on a high profile criminal
- Panama - Pegasus found on devices of political opposition
- Poland - Pegasus found on devices of political opposition, journalists
- Rwanda - Pegasus found on devices of activists
- Saudi Arabia - Pegasus found on devices of political opposition, activists, journalists
- Spain - Pegasus found on devices of political opposition
- Thailand - Pegasus found on devices of political opposition, activists
- Togo - Pegasus found on devices of political opposition
- Uganda - Pegasus found on devices of foreign diplomats
- United Arab Emirates - Pegasus found on devices of activists, journalists, lawyers
(Source: Wikipedia)