Regularly dodging phishing scams and malware has become an unfortunate part of day-to-day life when using a camera phone. Many of us are well versed in the necessary art of avoiding suspicious links and hanging up on overly-friendly callers asking for far too many personal details.
However, a recently uncovered piece of spyware is so sophisticated that it can even infect a camera phone through a "zero-click" attack. This means that it doesn't require any interaction from the handset's owner, often exploiting vulnerabilities within the camera phone's operating system to do so.
• Read more: Best camera phone (opens in new tab)
Known as Pegasus, this spyware was developed, marketed and licensed to governments around the world by the Israeli company NSO Group. As reported by The Guardian (opens in new tab), this piece of software is essentially capable of turning your camera phone into a constant surveillance device, "It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone's camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you've been, and who you've met."
According to Claudio Guarnieri, who runs Amnesty International's Berlin-based Security Lab, NSO clients have mostly abandoned using the suspicious-looking text messages that many of us are used to. Instead, the "zero-click" attacks have become more widely used instead, exploiting weaknesses in software such as iMessage or WhatsApp.
Guarnieri even states, "When an iPhone is compromised, it's done in such a way that allows the attacker to obtain so-called root privileges, or administrative privileges, on the device. Pegasus can do more than what the owner of the device can do."
One of the most worrying aspects of Pegasus spyware is how difficult it is to prevent an attack. With the spyware targeting undiscovered weaknesses in software, this means that it's impossible to prevent an attack. Guarnieri says, "This is the question that gets asked to me… 'What can I do to stop this happening again?' The real honest answer is nothing".
Some of the targets selected by clients of NSO include Roula Khalaf, the editor of the Financial Times. Other possible candidates that were selected include journalists from organizations including the Wall Street Journal, CNN, the New York Times, Al Jazeera, Associated Press, the Economist and more.
Meanwhile, according to this report (opens in new tab) by The Guardian, NSO has insisted that the governments that license Pegasus are contractually bound to only use the spyware to fight "serious crime and terrorism".