What is Pegasus, and How Does it Spy on You?
Вставка
- Опубліковано 15 чер 2024
- The Guardian newspaper has highlighted the perils of government sanctioned cyber-surveillance, following its exposé of Pegasus, a sophisticated piece of malware that is being used by authoritarian regimes to target activists, politicians, and journalists. So, what is Pegasus? How does it work? Can you protect yourself? Let's find out.
Introduction to Android app development: www.dgitacademy.com
Let Me Explain T-shirt: teespring.com/gary-explains-l...
Twitter: / garyexplains
Instagram: / garyexplains
#garyexplains
Funny how many illegal things can be made legal so easily by these companies and Governments just by putting "Crime" & "terrorism" in the sentence. Fighting crimes by doing crime is the norm now eh?
Basically, since war was invented
this, honor has been a myth for years, perhaps forever lol
And fighting germs.
Terrorism is pretext to spying. If there are no terrorists, they will make some, so they can spy.
Now? lol just open up any history book, and you learn very quick that the only thing that's different now is the technology
We really need phones with hard switch, which disconnects camera and microphone. Phone's usually don't even have indicator when microphone and camera are in use. (although new version of android and ios has indication on screen, which i bet can be bypassed with another zero day in future)
There's a phone called librem and pinephone. It runs linux but the software support is far from better. Ofcourse it will open a whole new box of vulnerabilities but atleast it has hard switches. We seriously need to support these developers (by buying the phone or just donating to them). So that the development process will be accelerated and we will get a serious competitor to android or ios
Duct Tape
Try removing your battery, most smartphones that's already hard to do !
@@chiranjeevsahoo4960 I've bought Fairphone, which has removable battery at least.
Agreed. Apple could've replaced the mute switch for a hard switch and any Android OEM can add it.
Just because we're paranoid, doesn't mean they're not out to get us.
he got us more paraniod now
Gotta find a way, a better way.
Makes me sick how silently this is all happening.
you mean to tell me ive been putting on a random show for free shit i need to start charging ;/
what im scared of is some random guy getting access to my phone. government has no need to monitor me, and even if they do, they arent gonna do anything to directly hurt me. i dont want some random dude in a basement to see im doing something and blackmail me with it. maybe i shouldnt have watched black mirror lol
nice try FBI
Nothing electronic is secure. I even have doubts about my toaster and I unplug it when not in use.
Not hackable but can catch fire. Because they don't embed any CPU into toaster... do they?
@@Artoooooor you neve kno.. their are toasters specially designed
@@Artoooooor If you have a smart toaster and on regular basis toast bread you can get a problem. If you do no toast you are probably away, Perhaps nobody is at home so if someone comes to your home he can steal things more easy.😉
It's only a matter of time before that toaster attacks you.
Aah so you're a waffle man!
8:07 I like how our "hacker" is "typing" and the screen says press any key to continue.
Sharp eye ma man 😂
yea lol
Eagle's Eyes...
That's very normal in such videos, someone just puts in a different, static, screen.
@@autohmae Yea its just a funny continuity error.
I work as an Advanced SOC analyst and this is the best explanation that I’ve heard.
Wow, thanks!
What do an advanced SOC analyst do?
@@_justarandomone_8884 well In short, we use a set of tool to investigate everything on the company network, then we build rules to alert us when malicious activity is happening and more. When we find strange or weirds things that we suspect we start investigate every piece that we can, if its a malware we need to understand what it does and how to react.
If its a breach we need to find from where and who and block that.
In short lol.
These exploits being used are not accidents, that is the real crime. Your encryption required by the govt has flaws they use against you also.
The dystopian future is now.
The dystopian now?
it was already here, watch the hated one
Covid 1984
@@ankan2088 dystopian present.
@Apples Bananas take your bloody pills
5:10. Gary explains zero day bugs and a fly zooms by in front of his face. Well played Sir.
In the early days of your channel, I challenged the accuracy of an argument you made with ignorant, adolescent, hubris in the comment section. You responded with clarifying information and honest questioning into my concerns.
While I'm by no means advocating for the increase of your interactions with the unwashed masses, I've been subscribed for years now and wanted express my gratitude. Not only for what you do, but for how you do it. Earnest authenticity is, unfortunately, a rare commodity in this world.
👍
The government would never misuse its power and authority to abuse its citizens... 🤣 I couldn't even write that with a serious expression on my face.
Corruption
@@ea168 that was the joke. I was being sarcastic.
@@sbrazenor2 i know that lol, corrupted worker inside a government who has access to that type power is a problem, my sibling was a victim
I find it sad that a symbol who represent freedom like the pegasus is used to curtail freedoms, it shows how much things are twisted and wrong with the world today.
It is not just about iOS or Android. Even SIMs have processors in them, albeit not as sophisticated as the ones running your smart-phone, but the SIMs themselves can be infected. Then you have issues with the SS7 protocol that can have your phone hijacked at the network level.
That's interesting. I wonder how it works with eSIMs since they are only software based
This is almost like the bit in the Dark Knight where Lucius Fox turns every mobile device in Gotham City into one big sonar device to find Joker.
@Ryan's Random Videos Every government is a hero in his own eyes. Just like a good villain.
Except in the hands of Evil and illegitimate crime syndicates in control of political parties and bureaucracy
Look up WiFi Doppler imaging
Excellent and very clear explanation of complex infomration here Gary, thanks so much for such an illuminating and useful piece.
Damn, that’s crazy!
_downloads suspicious mirror of Angry Birds on iOS 6_
India is one of the countries named in the report and the targets are indeed activists , and numerous journalists working for national newspapers and a few politicians as well.
Keep supporting isreal
So basically when they showed in Fast and Furious 8 that the lady could monitor or use any device remotely they weren't totally making stuff up.
it is okay, as it was for the FAMILY. :)
I hadn't seen that movie, but, *yes* .
Remote monitoring has been around for like 25 years. F&F8 is from 2017 lol
Thank you, Gary. That was so informative.
05:07 fly passes by when talking about bugs
I can name at least a few of governments who do this as a life style!
Name it then.
Literally Israel
@@ineffa8le00rt expected from illegal country
Over the weekend, an international consortium of news outlets reported that several authoritarian governments - including Mexico, Morocco and the United Arab Emirates - used spyware developed by NSO Group to hack into the phones of thousands of their most vocal critics, including journalists, activists, politicians and business executives.
Lol not my words just copied from TechCrunch
@@ut100c reminds me of Jamal Kashoggi's assassination by Arab's royal family, disgusting af
You could also get a phone where you can disconnect the camera, microphone, wifi module and GPS module from the circuit, turning them off completely.
Thank you so much for this upload😍🙂takecare and stay safe Gary🙂
Thanks for doing this Gary, this is very important...
5:06 or a bug that you know about because it flies in front of your face while you're talking about technical bugs ???
Damn 🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣
I just turn off my phone. Guess can't guarantee the phone is really off. I'll just take out my battery. Oops!, can't remove batteries any more.
The Samsung Galaxy XCover 5 and XCover Pro have removable batteries (no tools required) AND headphone jacks.
Also rugged and waterproof, with guaranteed security updates for the next 5 years. Worth checking out if you need a new phone.
Can also buy tablet versions too.
Its funny because because now having a removable battery is considered a feature in a phone.
Good explanation about malware, and Pegasus. Thanks!
Very informative video! Scary but at least your giving us tips on how to deal with those stuff. Thank you from Canada. :)
Battery out but condenser is still inside? Try to make an emergency call without the battery in.If you can't than it's in your advantage.
🇭🇺🇨🇦
When Gary releases video about a hot topic, usually it’s all I need to know about it
Unfortunately in the future this problem will only get worst. Thanks for the information Gary.
Thanks for another great video. Regarding your advice to always update to the latest version of your OS. Do you think that goes for the first version of a major new release as well? Like the upcoming iOS 15, for example. Apple has a tendency to release a first update fairly soon after a major release to fix the most severe bugs etc. Do you think that I, strictly from a security perspective, should install the major new release immediately, or wait for the first update? Do major new releases suffer enough bugs to tip the scales?
A superb and much appreciated explaination, Thanks!
This is about the best advice. There is no such thing as complete privacy with digital technologies. If you are paranoid, ditch mobile phone.
Doing God's work, Gary. Thanks for the explainer, very informative!
You are being watched.
Actually, one of the ways to stop stuff like this is to cut out its means to communicate. It can still record, or log, but if there's a way to prevent it from communicating, then they'll not succeed.
On a different note, thanks for the including the POI clip. It's my favorite series of all time.
How?
Thanks for making this video Gary!
Why worry about Pegasus when people openly invite Amazon, Alexa and own IPhones and give out private info to social media sites.
Joke's on them, my phone is two tin cans with a length of string
You just described how my phone's internet feels.
Hahaha! There's away to tap onto that!!! I have done it around age 7. It's funny it really works.
I respect your works young man. Wish you more years of hardware exploration 💯💗
I loved the video Gary. A bit of tape will prevent the camera from working. Reminds me of the days when I used a Motorola "brick" phone. BTW, I really like the music that started at around 41 seconds into the video, what is it?
That "hacker" sure was typing slowly. Lol
So you have to be typing fast if you're a hacker?
Just realised that your background image is the CBD of Singapore. :)
Very well explained sir . Thanks !
Very informative Gary, it'll be helpful if you link any video on your channel that's related to the subject of the current video.
*GARY!!!*
*Good Afternoon Professor!*
*Good Afternoon Fellow Classmates!*
Stay safe out there everyone!
MARK!
Edward Snowden also said, 6 or 7 years ago, that we could ALREADY be surveilled through our phones (possibly just iphones then?). He seemed to know this through working for a contractor for the NSA.
And they say this is heaven 🤣🤣🤣🤣🤣🤣🤣
Very interesting, thanks for the info!
Very good informative & explanatory video...
Loved it
Great coverage Gary. I can't wait until Linux phones are usable. Phones with a fully open source stack are the only chance we have got against this (short of using a feature phone, or no phone at all :-P). I have a PinePhone, it has some pretty cool features, but also not quite usable. I wonder what you think is the timescale for a usable Linux phone, maybe a video at some point? Would be interesting :-)
Android is based on Linux.
@@davidt01 quite the difference there, Android uses only the Linux kernel for hardware support, not the rest. The rest is a mix of open and closed components, but fundamentally it is very different from the Linux OS. An example would be the filesystem.
Hi Gary, I found this video a bit basic! Is there a way to protect oneself from zero-click exploits? Would one just have to avoid taking unrecognised calls?
Check out Rob Braxman Tech's video Is there a Phone Backdoor? (Pegasus, Simjacker, SS7). Maybe that'll help.
delete the messaging app, zero-clicks can travel via text from what i know
I consider you a friend after watching this. Thanks Gary. Nice one mate.
Thanks for such a solid review.
I'm surprised we've not heard about governments going through the baseband processor. That has always been one of the big treads, even for mobile phones who aren't smartphones.
They use a stingray to install the spyware
10:48 and don't think a vm could protect against such things if it can hyperjack
A VM did come to mind...
I'm not sure it wouldn't be effective.
Pegasus can't be perfect. I'm not saying they can't hack it, I'm just saying they gotta prioritize, and some things are lower priority than others.
Not many people would use a VM for this, and even if you hacked the VM, it's on another machine, and the gains might be quite low. This might make it a low priority.
was just waiting for your video 😊
One my favorite tech channel with a clip of one my favorite shows👍
That is creepy malware.
I've never thought about a decentralised world this hard before. Holy shhhh
Between your opinion and the 20th century...man, i really don't know...
Thank you so much for these informations 👍☺️😊
Thanks Gary for the interesting information.
But when Batman does it's alright.
Don't forget kids you always have the option of leaving the phone at another location. 🤣
It would be incredibly interesting to see what the program looks like for the user and to have an analysis of the source code although this is very unlikely. I have no idea how these sorts of things operate on a fundamental level
Great Video Gary.
Is there any way to know if an old phone is infected with this spyware? Any anti virus application would help?
Its not new, some 30 years ago the "infinity device" was doing the same with landlines. en.wikipedia.org/wiki/Infinity_transmitter
A modern smart phone is more invasive then a land line.
So while it isn't new, it is much more worrying.
Link🧐
@@An.Individual have you never watched the Matrix? ;) also you might be surprised by the Freaking scene
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
- Benjamin Franklin
12:50 - This series is "Person of Interest". An absolutely must watch series. You wouldn't know what you were missing until you see this one.
Best damn show of the last decade.
@@TheFourthWinchester Very true.
Thanks for the info. Another good vid.
5:08 speaking of bugs... 😂
(One casually flies by the screen)
The name of this software fits. The guy that named it is as creative as the one who developed it
pegaSUS
that last bit was the most important part of the conversation.
Thanks for the video.
I have an advice for iOS user. Check for updates regularly. Android users can chill for now as if there is a security flaw or critical security and google has a patch it pushes to devices running android 5.0 through Play services so that non techy people are secure too without even knowing about it.
...wait a mo, are you saying security patches are installed onto my phone when I download software from the Play Store, and when I play games that are linked to my Google account?
You wont have to worry about spywares on android or apple, the whole os is spyware.
@@ashwinrawat9622 This one I agree. SWITCH TO LINUX 😂
@@rudeviper Or compile Android yourself as it's open source.
@@ManthaarJanyaro I care more about security more than I do about privacy. De googled phone is a very good option for privacy but what about security because as I said earlier its google that makes Android usable. And honestly I love google for this that they haven't just left android devices which are sold by other OEMs. They actually care about any android device you buy.
I was under the assumption that ALL digital traffic was stored on the super computers in Utah anyway. I guess Pegasus just helped rip off data that wouldn't be sent to Utah automatically. So now that people are making UA-cam videos about pegasus the NSO group most likely has Peg 2 nearly ready to go.
really liked the music at end
This was amazing Gary
Good thing my Nokia 3310 is immune to this plus I can use this as a weapon
Can still be triangulated
+1 for weapon usage of it 😂
And it has snake
Hhhh
@@margomarple9684 It's an old joke that the Nokia 3310 was an indestructible brick.
I use sensors disable option in developer menu, this forbids access to camera, mic, location(I hope), but probably a malware has access (as google has) above all restrictions.
Tested with Facebook and instagram access to a camera crashes the app.
8:26 love the disclaimer :D
5:07 talk about bugs and they shall come - BUG FLIES PAST HIS FACE lol
The great conspiracy for absolute power - these control freaks have all gone bonkers!
There have been VERY few attack vectors that simply required clicking a link. It most cases, clicking a link is fine because even if the link starts an auto download, you would still have to actually click on the downloaded item and run it for the attack to work. Downloaded files do not automatically execute.
Ever heard of browser APIs and WASM? There're plenty of ways how a WASM module can bypass browser sandboxing to infect a machine(basically in many ways: writing to storage/scheduling a malicious task/performing some calculations/accessing other processes' memory/etc or combined) having such a privilege as a "User's click". I'm not gonna say that we have to get rid of WASM or that it's so easy to do, but it's clearly possible to download and execute something with a single click.
@@mona.supremacy I didn't mean it was impossible, just extremely unlikely. The kind of link clicking most people would be thinking of would be the random text messages spammers, or coming across a malicious link while browsing the web, and in those cases your chances of clicking anything that is a one click download & execute are basically non-existent. One click download & execute links are going to be used in VERY targeted attacks and/or by government agencies, which 99% of people don't need to worry about. Nobody who has a working one click link exploit is going to blast it all over the web or spam it in text messages where it will be found and patched quickly. They will keep it quiet and use it very sparingly in highly targeted attacks.
Great video! 5:08 was that a fly?
Brilliant insight 👍👍
Everyone living in Communist China, just the marketing and branding is different.
@American Freedom World Peace I’m reflecting to the new Pegasus fiasco not NSA
Exactly. You already know Silicon Valley was taking notes! BECAUSE THEY GOT CONTRACTS IN CHINA TOO.
Your Father is the thief but you think you are intelligent when you call your friend's father a thief.
That's scary as hell... :-/
Only difference with the rest of the world is that we get to live life pretending that our government does it with the best of intentions.
how did "The guardian" find out who was under surveillance ? cause if such surveillance is happening then its a rookie mistake to leave evidence of it?
Hackers of Hackers exist 😂
a list of the "clients" was leaked. by clients I don't mean the governments, I mean the government's "clients" 😁
@@mas921 government's clients as in gov agencies , or gov target's
@@KhanjanYT if you're running a multi billion dollar surveillance thing, and your clients are governments than shame on NSO 😂
@@jdeep7 i think NSO is not that stupid to let an employee blow the whistle , because believe it or not many powerful governments are involved. NSO must have some kind of leverage on their employees. and yes amnesty changed its statement to potential targets making the whole story void and null. I am interested on how Amnesty made the list...you oppose the government , you're in the list , you're an activist you get to be on the list
Zero Days. Great documentary. Recommended.
thanks.
Love the POI reference 👍
Between 5:08 and 5:14 in this video, a literal bug flies past the presenters nose...i noticed it, and i am sharing to get my reward. Its a zero day bug, as i write. 🤣🤣
Lol
"there has never been a conspiracy in this country"
🤣 some people really believe that too...
Pegasus us just one of many. Surveillance is everywhere. My last two employers made us wear pins and communication devices that would track our location at the work place and even sound. The important thing now is not whether they are doing this or whether they should but rather how can we protect ourselves against this.
I assume the surveillance from your former employers was with your consent, which makes it very different to Pegasus.
This is my first video view of you but I have already liked your content
Welcome aboard!
Master tip: change your govt by making people aware of these things
You can try your luck for free in Russia or Hungary or Ukraine just to see the bottom of the ocean. Mafia is not happy about competitors.
Why disable the camera when a piece of black electrical tape will suffice?
Because microphones can still be on without you noticing.
@@ov3rkill he only mentioned disconnecting the camera.
I think id need to pay people to watch me...Anyway if anyones watching enjoy
I hope future phone cameras will have physical camera cover and may be a led indicator hardwired with the mics so that when a mic is on the led can indicate. Not very convenient but may be not a bad idea.
I have an RFID phone pouch, I think that is meant to block signals into and out of the phone, while in there. Is that also a bit of a half baked workaround? I.e keep the phone in the pouch when driving around and use a navman instead, and take it out when needed? not a full stop, but something...?
I'm more concerned with those hacks destroying my battery life.
That's called a Windows Update
Haha
Lol
I wonder if any among the compromised devices listed in the leak runs Linux, and how safe are Linux phones in general. Since some of the targeted individuals are serious journalists doing an essential job, it is important they continue to have access to secure devices, maybe a secondary device running Linux could be a good tool if they prove to be safer.
Agreed, at least until they become very popular
@American Freedom World Peace I meant as a secondary device, especially for journalists and human rights activists, maybe even politicians. Unfortunately Linux phones aren't mature enough to be the main daily driver, but they could potentially be a fantastic secondary device and keep private information more secure.
Android phones are linux.
@@lowpowerlarry9957 Technically yes but also not really. Android runs a heavily modified Linux kernel but also many specific libraries and binaries. By Linux phones, I mean phones running the standard kernel and GNU libraries.
Is the malware permanent? I remember reading several security publications stating that it was in fact possible to perform zero touch hacks on Android as well as iOS with latest updates respectively. But none of the different malwares were able to survive a fresh boot due to very tight boot partition security (especially Samsung KNOX).
Would wiping your phone clean and re-installing from scratch with newer code be a fix ? Alternatively, obscurity tactics by not using a smart phone , using a flip phone be a means of protection?