Tuesday, December 3, 2024

What are the ways to bypass NSO Group’s Pegasus spyware?

DigitalBank Vault claims its software encryption is better than government level, which means no one can decipher the information

  • Pegasus spyware can reside within your device even if reset to factory standards and the only way is to throw the device to get rid of the spyware
  • DigitalBank Vault claims that the encryption level of their software is better than the government level, which means no foreign governments or intelligence agencies such as NSA, CIA or Interpol can decipher the information, no matter how much computational power they will apply.
  • All the best encrypted cellular smartphones are connected to the internet and use the cellular network, which means that no matter what type of encrypted smartphone you have, you are completely exposed to hacking.

Spyware, a tool created by hackers to collect private information about a person or organisation and track people online, is a big issue and a nightmare.

According to a major investigation into the leak of 50,000 phone numbers of potential surveillance targets, a Paris-based media non-profit – Forbidden Stories – and its media partners identified potential NSO clients in 11 countries – Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the UAE.

Think of Israel-based NSO Group’s Pegasus spyware, a sophisticated piece of malware that weaponises various zero-day exploits and helps government agencies track top journalists, human rights activists and politicians and remotely collect information about their targets’ relationships, phone calls, location and activities.

Many security experts have written advising users not to click links or open messages from unknown numbers, but these and all the other precautions they list are completely worthless.

The power behind the NSO technology is much bigger and if you have an Android or an iPhone, you are doomed and they [hackers] will plant their spyware no matter what measures you take. They are the best in the world in this field.

Moty Weissbrot, CEO at UK-based DigitalBank Vault Limited, told TechChannel News that the NSO Group has hundreds of cybersecurity engineers, working round the clock to develop advanced tech for infecting devices, and they work in parallel on all smartphone models and adapt their tech to any new security update released from Apple or Android.

“Pegasus spyware can reside within your device even if reset to factory standards and the only way is to throw the device to get rid of the spyware,” he said.

Canada’s “Citizen Lab” is doing a great research job on NSO Group but never gave a real solution on how to fight this spyware.

There are many encrypted smartphones available in the market, but Weissbrot said they are not safe, which is a dangerous “illusion”. They have been hacked before because the data stay on the servers.

Read about Blackberry hacking, Encrochat hacking and Sky ECC hacking.

Even though WhatsApp, Telegram and Signal say they use encryption methods, he said that it is not true, as the hackers can see in real time what you do and catch it before you encrypt the data.

Encrypted phones are not safe

All the best encrypted cellular smartphones are connected to the internet and use the cellular network, which means that you are completely exposed to hacking no matter what type of encrypted smartphone you have.

“The best encrypted cellular phones in the world will not secure your secrets, make no mistakes about it. Most of them are creating the encryption keys for you, managing the encryption keys generated by them so that you are trusting some third parties, securing your confidential data, and sincerely speaking, this is a huge mistake. In addition, the servers of these encrypted cell phone suppliers can be hacked, encryption keys can be obtained and all your saved data can be accessed in its decrypted form,” Weissbrot said.

Being in the encryption business for more than 25 years, Weissbrot said that they have been asked by many entities to design communication systems that can bypass the NSO Group spyware.

He outlines a few solutions for fighting back against this potent spyware while still being able to communicate safely.

  1. One solution is to use modified or hardened OSs as it will be difficult for them [hackers] to penetrate the devices. They need to study and develop and modify their spyware to get installed into the device. It will be complicated for the hackers as they have to spend a lot of time, money and effort.
  2. The second solution is to use OSs that are not covered by them [hackers] such as Lineage OS, E Foundation OS and Librem Purism OS, the less ‘popular’ ones and they are very good but it is not enough to be away from the hackers. These OSs can be downloaded free from the internet.
  3. The third solution is to be offline and not to be on the cellular network. You take a modified OS and work only on secured, password-protected internet, and not on public WiFi. If you are on the move, you can open a personal hotspot and transmit WiFi to a cellular device.
    To bypass the hackers, you need two cellular devices. One is the regular device, which holds the basic and classified information, and the second device holds confidential data and is used only to communicate, send and receive information, with the less popular OSs. Do not install other apps on the dedicated device as third-party apps can contain spyware.
    On the regular device, install communications tools that are not as popular as WhatsApp, Signal or Telegram as the hackers have access to it through the servers. There are less popular communications tools such as Skred, Twinme and many others and they are quite good, private and safe. Hackers do not spend time, money and effort on tools that are less known.
    The confidential communications have to be done on a separate device, which should always be offline and should be online only when you transmit information outside.
    When you get a file, email or PDF, encrypt the file, email or PDF on the second or non-regular device offline, using the software, and transmit it to the regular device, using Bluetooth, microSD, USB, cable or NFC.
    When you pass it to the regular device in encrypted form, even if the hackers are spying on your regular device, they [hackers] cannot decrypt the file as they don’t have the encryption keys and even if they see the file, it will be garbled data.
     “This is the method we give to top executives and it is the best way to overcome the spyware. If you receive an encrypted file, decrypt the file on the non-regular device via offline,” Weissbrot said.
    It is not a foolproof solution to fight Pegasus and other spyware, but he said that at least you are partially more in the ‘safe zone’ and have less chance of getting hacked by the NSO Group.
    Each organisation gets a slightly different version of the OS. Even if NSO Group tries to learn about this OS by buying it from them somehow, they will get one version that is not the same as supplied to other clients. 
    When the device is shut down, it erases all the data in 10 consecutive cycles, overwrites it with junk data and randomly encrypts the junk data. The data they collect from the device will be useless as it is just fragmented and encrypted junk data. The OS resets itself, and each time a user switches on the device, it is like getting a fresh device. This device can also always be used offline and still communicate voice and video messages, text messages, and files.

“We focus on selling the DigitalBank Vault SuperEncryption software and the encryption level is better than the government level, which means no foreign governments or intelligence agencies such as NSA, CIA or Interpol can decipher it, no matter how much computational power they will apply. It is OTP-based,” Weissbrot said. 

Moreover, he said that governments can force companies to give access to their servers, but DigitalBank Vault has no servers and the tech works 100 per cent offline and is quite immune to online attacks; besides, there are no encryption keys as they are generated on the spot by the user.
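The offline-encrypt-then-transfer step and the "OTP-based" claim above, as an added example that is not DigitalBank Vault's code (the page does not describe the product's internals): a textbook one-time pad in Python showing the two conditions its secrecy depends on, one fresh pad byte per message byte and no reuse. The `PadBook` class, the message strings and the pad size are assumptions made for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))

class PadBook:
    """One copy of the pad. Assumption: both offline devices were given
    identical copies in person, never over a network."""
    def __init__(self, pad: bytes):
        self.pad = pad
        self.used = 0  # sender side: pad bytes below this index are spent

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        end = self.used + len(plaintext)
        if end > len(self.pad):
            # Refuse rather than wrap around: reuse destroys the guarantee.
            raise ValueError("pad exhausted")
        start, self.used = self.used, end
        return start, xor(plaintext, self.pad[start:end])

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self.pad[start:start + len(ciphertext)])

def demo():
    pad = secrets.token_bytes(64)          # generated on the offline device
    sender, receiver = PadBook(pad), PadBook(pad)
    m1 = b"wire 40k to acct A"             # constructed sample messages
    m2 = b"meet at 0900 gate 3"
    s1, c1 = sender.encrypt(m1)            # only (s, c) crosses to the
    s2, c2 = sender.encrypt(m2)            # regular, online device
    ok = receiver.decrypt(s1, c1) == m1 and receiver.decrypt(s2, c2) == m2

    # Misuse for contrast: the same pad bytes cover two messages.
    n = len(m1)
    bad1 = xor(m1, pad[:n])
    bad2 = xor(m2[:n], pad[:n])
    # The pad cancels out, so the two ciphertexts alone reveal m1 XOR m2.
    leaked = xor(bad1, bad2) == xor(m1, m2[:n])
    return ok, s1, s2, leaked

if __name__ == "__main__":
    print(demo())
```

The pad must be as long as all traffic it will ever protect, and a plain XOR pad gives no integrity: a changed ciphertext byte changes the same plaintext byte without detection.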

“There is nothing called ‘non-hackable’ and if somebody puts his hand on the dedicated device and injects spyware or malware into it, it is hacked but it is very difficult to hack remotely as it is always offline,” he added.

They have about 200 companies with a lot of users worldwide, including South Korea, South America, Latin America, Japan, Hong Kong, Singapore and Europe. 

“We are planning to enter the Middle East markets and looking for strategic partners. The subscription fee is $1,000 per month per license,” he said.
