How to mitigate your risk of being subject to Pegasus surveillance

From TCU Wiki

Over 30,000 human rights activists, journalists and lawyers across the world may have been targeted using Pegasus (source: The Pegasus Project, 2021). Pegasus is an expensive toolkit ($2.5 million for an Android zero-click infection chain with persistence), but if a human rights defender (HRD) is an important target for a country, it is likely just a matter of time and resources before that HRD's device gets infected.

Mitigation techniques

Government-grade spyware can be more difficult to detect. However, as noted in a guide on Pegasus published by Kaspersky, there are some actions you can take to mitigate the risk of being subject to such surveillance, based on current research and findings:

  • Reboots: Reboot your device daily to prevent persistence from taking hold. The majority of infections appear to be based on zero-day exploits with little persistence, so rebooting can hamper attackers.
  • Disable iMessage and FaceTime (iOS): As features enabled by default, iMessage and FaceTime are attractive avenues for exploitation. A number of new Safari and iMessage exploits have been developed in recent years.
  • Use a browser other than Safari or the default Chrome: Some exploits do not work well on alternatives such as Firefox Focus.
  • Use a trusted, paid VPN service, and install an app that warns when your device has been jailbroken. Some antivirus (AV) apps will perform this check.

It is also recommended that individuals who suspect a Pegasus infection make use of a secondary device, preferably running GrapheneOS, for secure communication. (source)

Countries known to have purchased and used Pegasus

  1. Armenia - Pegasus found on devices of political opposition
  2. Azerbaijan - Pegasus found on devices of journalists and activists
  3. Bahrain - Pegasus found on devices of activists, bloggers
  4. Djibouti - In 2018, the U.S. Central Intelligence Agency purchased Pegasus for the Djibouti government to conduct counter-terrorism operations (despite Djibouti's poor human rights record).
  5. El Salvador - Pegasus found on devices of journalists
  6. Germany - Pegasus is in use by the German Federal Criminal Police Office (BKA)
  7. Hungary - Pegasus found on devices of political opposition, journalists, lawyers
  8. India - Pegasus found on devices of political opposition, activists
  9. Iraq - Pegasus found on devices of political opposition, journalists, activists
  10. Jordan - Pegasus found on devices of activists
  11. Kazakhstan - Pegasus found on devices of journalists, activists
  12. Mexico - Pegasus found on devices of political opposition, activists
  13. Morocco - Pegasus found on devices of political opposition, activists
  14. Netherlands - Pegasus used to spy on a high-profile criminal
  15. Panama - Pegasus found on devices of political opposition
  16. Poland - Pegasus found on devices of political opposition, journalists
  17. Rwanda - Pegasus found on devices of activists
  18. Saudi Arabia - Pegasus found on devices of political opposition, activists, journalists
  19. Spain - Pegasus found on devices of political opposition
  20. Thailand - Pegasus found on devices of political opposition, activists
  21. Togo - Pegasus found on devices of political opposition
  22. Uganda - Pegasus found on devices of foreign diplomats
  23. United Arab Emirates - Pegasus found on devices of activists, journalists, lawyers

(Source: Wikipedia)

Additional resources