extratone / bilge

Documentation for The Psalms - my blog about software’s intersection with culture. Not just for the website - for the entire process (correspondence, notetaking, drafting, *revising*, editorializing, promoting, discussing, and even reflecting.)
https://bilge.world

Pegasus #201

Open extratone opened 3 years ago

extratone commented 3 years ago

"Pegasus (spyware) - Wikipedia"

Pegasus

NSO Group, the Israeli technology firm that created the spyware

Developer(s) NSO Group

Operating system iOS, Android

Website https://nsogroup.com

Pegasus is spyware developed by the Israeli cyberarms firm NSO Group that can be covertly installed on mobile phones (and other devices) running most[1] versions of iOS and Android.[2] The 2021 Project Pegasus revelations suggest that current Pegasus software is able to exploit all recent iOS versions up to iOS 14.6.[1] According to the Washington Post and other prominent media sources, Pegasus not only enables the keystroke monitoring of all communications from a phone (texts, emails, web searches) but it also enables phone call and location tracking, while also permitting NSO Group to hijack both the mobile phone's microphone and camera, thus turning it into a constant surveillance device.[3]

The company had previously been owned by American private equity firm Francisco Partners,[4] then bought back by the founders in 2019.[5] NSO states that it provides "authorized governments with technology that helps them combat terror and crime",[6][7] has published sections of contracts requiring customers only to use its products for criminal and national security investigations, and stated that it has an industry-leading approach to human rights.[8] The spyware is named after the mythical winged horse Pegasus—it is a Trojan horse that can be sent "flying through the air" to infect phones.[9]

Pegasus was discovered in August 2018 after a failed attempt at installing it on an iPhone belonging to a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. As of 2016, Pegasus was capable of reading text messages, tracking calls, collecting passwords, tracking location, accessing the target device's microphone and camera,[3] and harvesting information from apps. News of the spyware caused significant media coverage. It was called the "most sophisticated" smartphone attack ever, and was the first time that a malicious remote exploit using jailbreak to gain unrestricted access to an iPhone had been detected.[6]

On August 23, 2020, according to intelligence obtained by the Israeli newspaper Haaretz, the NSO Group was reported to have sold Pegasus spyware software for hundreds of millions of US dollars to the United Arab Emirates and other Gulf States, for surveillance of anti-regime activists, journalists and political leaders from rival nations, with Israeli government encouragement and mediation.[10] Later, in December 2020, the Al Jazeera investigation show The Tip of the Iceberg, Spy partners, showed exclusive footage about Pegasus and its penetration into the phones of media professionals and activists, used by Israel to eavesdrop on its opponents and even its allies.[11][12]

In July 2021, widespread media coverage as part of the Project Pegasus revelations, along with an in-depth analysis by human rights group Amnesty International, uncovered that Pegasus was still being widely exploited against high-profile targets. It showed that Pegasus was able to infect all modern iOS versions up to the latest release, iOS 14.6, through a zero-click iMessage exploit.[1]

Discovery

Pegasus' iOS exploitation was identified in August 2016. Arab human rights defender Ahmed Mansoor received a text message promising "secrets" about torture happening in prisons in the United Arab Emirates by following a link. Mansoor sent the link to Citizen Lab, who investigated, with the collaboration of Lookout, finding that if Mansoor had followed the link it would have jailbroken his phone and implanted the spyware into it, in a form of social engineering.[13] Citizen Lab linked the attack to the NSO Group.

Regarding how widespread the issue was, Lookout explained in a blog post: "We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code" and pointed out that the code shows signs of a "kernel mapping table that has values all the way back to iOS 7" (released 2013).[14] _The New York Times and The Times of Israel_ both reported that it appeared that the United Arab Emirates was using this spyware as early as 2013.[15][16][17]

Several lawsuits outstanding in 2018 claimed that NSO Group helped clients operate the software and therefore participated in numerous violations of human rights initiated by its clients.[17] Two months after the murder and dismemberment of _Washington Post_ journalist Jamal Khashoggi, a Saudi human rights activist, in the Saudi Arabian Consulate in Istanbul, Turkey, Saudi dissident Omar Abdulaziz, a Canadian resident, filed suit in Israel against NSO Group, accusing the firm of providing the Saudi government with the surveillance software to spy on him and his friends, including Khashoggi.[3]

Spyware details

The spyware can be installed on devices running certain versions of iOS, Apple's mobile operating system, as well as some Android devices.[1] Rather than being a specific exploit, Pegasus is a suite of exploits which uses many vulnerabilities in the system. Infection vectors include clicking links, the Photos app, the Apple Music app, and iMessage. Some of the exploits Pegasus uses are zero-click—that is, they can run without any interaction from the victim. Once installed, Pegasus has been reported to be able to run arbitrary code, extract contacts, call logs, messages, photos, web browsing history, settings,[18] as well as gather information from apps including but not limited to communications apps iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, and Skype.[19]

At the 2017 Security Analyst Summit held by Kaspersky Lab, researchers revealed that Pegasus was available for Android in addition to iOS; Google refers to the Android version as Chrysaor, the brother of the winged horse Pegasus. Its functionality is similar to the iOS version, but the mode of attack is different. The Android version tries to gain root access (similar to jailbreaking in iOS); if it fails, it asks the user for permissions that enable it to harvest at least some data. At the time Google said that only a few Android devices had been infected.[20]

Pegasus hides itself as far as is possible and self-destructs in an attempt to eliminate evidence if unable to communicate with its command-and-control server for over 60 days, or if on the wrong device. Pegasus can also do this on command.[20]

Pegasus Anonymizing Transmission Network

Human rights group Amnesty International reported in the 2021 Project Pegasus revelations that Pegasus employs a sophisticated command-and-control (C&C) infrastructure to deliver exploit payloads and send commands to Pegasus targets. There are at least four known iterations of the C&C infrastructure, dubbed the Pegasus Anonymizing Transmission Network (PATN) by NSO Group, each encompassing up to 500 domain names, DNS servers, and other network infrastructure. The PATN reportedly utilizes techniques such as registering high port numbers for their online infrastructure so as to avoid conventional Internet scanning. PATN also uses up to three randomised subdomains unique per exploit attempt as well as randomised URL paths.[1]

Misuse

Although Pegasus is stated as intended to be used against criminals and terrorists,[8] use by authoritarian governments to spy on critics and opponents has often been reported.

Scandal in India

In late 2019, Facebook initiated a suit against NSO, claiming that Pegasus had been used to intercept the WhatsApp communications of a number of activists, journalists, and bureaucrats in India, leading to accusations that the Indian government was involved.[21][22][23]

Phone numbers of Indian ministers, opposition leaders and journalists were found on a database of NSO hacking targets by Project Pegasus in 2021.[24][25][26]

Use by Mexican drug cartels

Reversing the intended use against criminals, Pegasus has been used to target and intimidate Mexican journalists by drug cartels and cartel-entwined government actors.[27][28]

Assassination of Jamal Khashoggi

Main article: Assassination of Jamal Khashoggi

Pegasus software, whose sales are licensed by the Government of Israel to foreign governments, helped Saudi Arabia to spy on a Saudi dissident's smartphone and track his communication with journalist Jamal Khashoggi, who was assassinated in 2018.[29]

Project Pegasus revelations

Main article: Project Pegasus revelations

A leak of a list of over 50,000 phone numbers believed to have been identified as those of people of interest by clients of NSO since 2016 became available to Paris-based media nonprofit organisation Forbidden Stories and Amnesty International. They shared the information with seventeen news media organisations in what has been called "Project Pegasus", and a months-long investigation was carried out, which reported from mid-July 2021. The Pegasus Project involved 80 journalists from the media partners: The Guardian (UK), Le Monde (France), Die Zeit (Germany), The Washington Post (USA), Haaretz/TheMarker (Israel), Süddeutsche Zeitung, Aristegui Noticias, Radio France, Proceso, OCCRP, Knack, Le Soir, The Wire, Daraj,[30] Direkt36 (Hungary),[31] and PBS Frontline.[32] Evidence was found that many phones with numbers in the list had been targets of Pegasus spyware.[8]

Vulnerabilities

Lookout provided details of the three iOS vulnerabilities:[14]

As of July 2021, Pegasus likely uses many exploits, some not listed in the above CVEs.[1]

Reactions

News

News of the spyware received significant media attention,[18][34][35][36][37] particularly for being called the "most sophisticated" smartphone attack ever,[38][39] and for being the first detection of a remote Apple jailbreak exploit.[40]

NSO Group comment

Dan Tynan of _The Guardian_ wrote an article that featured comments from NSO Group, where they stated that they provide "authorized governments with technology that helps them combat terror and crime", although the Group told him that they had no knowledge of any incidents.[41]

Bug-bounty program skepticism

In the aftermath of the news, critics asserted that Apple's bug-bounty program, which rewards people for finding flaws in its software, might not have offered sufficient rewards to prevent exploits being sold on the black market, rather than being reported back to Apple. Russell Brandom of _The Verge_ commented that Apple's bug-bounty program, which rewards people who manage to find faults in its software, maxes out at payments of $200,000, "just a fraction of the millions that are regularly spent for iOS exploits on the black market". He goes on to ask why Apple doesn't "spend its way out of security vulnerabilities?", but also writes that "as soon as [the Pegasus] vulnerabilities were reported, Apple patched them—but there are plenty of other bugs left. While spyware companies see an exploit purchase as a one-time payout for years of access, Apple’s bounty has to be paid out every time a new vulnerability pops up." Brandom also wrote: "The same researchers participating in Apple’s bug bounty could make more money selling the same finds to an exploit broker." He concluded the article by writing: "It's hard to say how much damage might have been caused if Mansoor had clicked on the spyware link... The hope is that, when the next researcher finds the next bug, that thought matters more than the money."[42]

References

  1. "Forensic Methodology Report: How to catch NSO Group's Pegasus". www.amnesty.org. Retrieved July 19, 2021.
  2. Timberg, Craig; Albergotti, Reed; Guéguen, Elodie (July 19, 2021). "Despite the hype, iPhone security no match for NSO spyware - International investigation finds 23 Apple devices that were successfully hacked". _The Washington Post_. Retrieved July 19, 2021.
  3. Boot, Max (December 5, 2018). "An Israeli tech firm is selling spy software to dictators, betraying the country's ideals". _The Washington Post_. Retrieved April 19, 2019.
  4. Marczak, Bill; Scott-Railton, John (August 24, 2016). "The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender". Citizen Lab. Retrieved December 21, 2016.
  5. Ziv, Amitai (February 14, 2019). "Israeli Cyberattack Firm NSO Bought Back by Founders at $1b Company Value; Two founders are partnering with European private equity fund Novalpina to purchase the controversial firm from Francisco Partners". _Haaretz_.
  6. Franceschi-Bicchierai, Lorenzo (August 26, 2016). "Government Hackers Caught Using Unprecedented iPhone Spy Tool". _Motherboard_. Vice Media. Retrieved May 15, 2019.
  7. "What is Pegasus spyware and how does it hack phones?". _The Guardian_. July 18, 2021. Retrieved July 19, 2021.
  8. Kirchgaessner, Stephanie; Lewis, Paul; Pegg, David; Cutler, Sam (July 18, 2021). "Revealed: leak uncovers global abuse of cyber-surveillance weapon". _The Observer_.
  9. Bouquet, Jonathan (May 19, 2019). "May I have a word about… Pegasus spyware". _The Guardian_.
  10. "With Israel's Encouragement, NSO Sold Spyware to UAE and Other Gulf States". _Haaretz_. Retrieved August 23, 2020.
  11. "Al Jazeera journalists 'hacked via NSO Group spyware'". _BBC News_. December 21, 2020. Retrieved March 10, 2021.
  12. "Al Jazeera journalists hacked using Israeli firm's spyware". Al Jazeera. Retrieved March 10, 2021.
  13. Lee, Dave (August 26, 2016). "Who are the hackers who cracked the iPhone?". _BBC News_.
  14. "Sophisticated, persistent mobile attack against high-value targets on iOS". Lookout. August 25, 2016. Retrieved December 21, 2016.
  15. Kirkpatrick, David; Ahmed, Azam (August 31, 2018). "Hacking a Prince, an Emir and a Journalist to Impress a Client". _The New York Times_. Retrieved August 31, 2018.
  16. Perlroth, Nicole (September 2, 2016). "How Spy Tech Firms Let Governments See Everything on a Smartphone". _The New York Times_. Retrieved August 31, 2018.
  17. "Lawsuits claim Israeli spyware firm helped UAE regime hack opponents' phones". _The Times of Israel_. August 31, 2018. Retrieved August 31, 2018.
  18. Perlroth, Nicole (August 25, 2016). "IPhone Users Urged to Update Software After Security Flaws Are Found". _The New York Times_. Retrieved December 21, 2016.
  19. Fox-Brewster, Thomas (August 25, 2016). "Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text". _Forbes_. Retrieved December 21, 2016.
  20. Snow, John (August 17, 2017). "Pegasus: The ultimate spyware for iOS and Android". Kaspersky Daily.
  21. Bhattacharya, Ananya. "What is Pegasus and how did it target Indians on WhatsApp?". _Quartz_. Retrieved March 10, 2021.
  22. "Did Indian Govt Buy Pegasus Spyware? Home Ministry's Answer Is Worrying". _HuffPost_. November 19, 2019. Retrieved March 10, 2021.
  23. "Indian Activists, Lawyers Were 'Targeted' Using Israeli Spyware Pegasus". _The Wire_. Retrieved March 10, 2021.
  24. "Phones Of Indian Politicians, Journalists Hacked Using Pegasus: 10 Facts On Report". NDTV. Retrieved July 19, 2021.
  25. "Pegasus spyware used to 'snoop' on Indian journalists, activists". _The Hindu_. Special Correspondent. July 19, 2021. ISSN 0971-751X. Retrieved July 19, 2021.
  26. "Phones of 2 Ministers, 3 Opp leaders among many targeted for surveillance: report". _The Indian Express_. July 19, 2021. Retrieved July 19, 2021.
  27. "'It's a free-for-all': how hi-tech spyware ends up in the hands of Mexico's cartels". _The Guardian_. December 7, 2020.
  28. Ahmed, Azam; Perlroth, Nicole (June 19, 2017). "Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families". _The New York Times_.
  29. Kirkpatrick, David D. (December 2, 2018). "Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says (Published 2018)". _The New York Times_. ISSN 0362-4331. Retrieved March 10, 2021.
  30. "Israel Helped Over Ten Countries Tap Over 50,000 Phones". Daraj. July 18, 2021.
  31. "Direkt36". Direkt36 (in Hungarian). Retrieved July 19, 2021.
  32. "About The Pegasus Project". Forbidden Stories. Retrieved July 19, 2021.
  33. Esser, Stefan (September 5, 2016). "PEGASUS iOS Kernel Vulnerability Explained – Part 2". SektionEins GmbH. Retrieved August 31, 2019.
  34. Szoldra, Paul (August 26, 2016). "Inside 'Pegasus,' the impossible-to-detect software that hacks your iPhone". _Business Insider_. Axel Springer SE. Retrieved December 21, 2016.
  35. Roettgers, Janko (August 26, 2016). "This App Can Tell if an iPhone Was Hacked With Latest Pegasus Spy Malware". _Variety_. Retrieved December 21, 2016.
  36. Newman, Lily Hay (August 25, 2016). "A Hacking Group Is Selling iPhone Spyware to Governments". _Wired_. Retrieved December 21, 2016.
  37. Swartz, Jon; Weise, Elizabeth (August 26, 2016). "Apple issues security update to prevent iPhone spyware". _USA Today_. Retrieved December 21, 2016.
  38. Tamblyn, Thomas (August 26, 2016). "What Is The "Pegasus" iPhone Spyware And Why Was It So Dangerous?". _HuffPost_. AOL. Retrieved December 21, 2016.
  39. Khan, Sami (August 27, 2016). "Meet Pegasus, the most-sophisticated spyware that hacks iPhones: How serious was it?". _International Business Times_. IBT Media. Retrieved December 21, 2016.
  40. Brandom, Russell (August 25, 2016). "A serious attack on the iPhone was just seen in use for the first time". _The Verge_. Retrieved December 21, 2016.
  41. Tynan, Dan (August 25, 2016). "Apple issues global iOS update after attempt to use spyware on activist's iPhone". _The Guardian_. Retrieved December 21, 2016.
  42. Brandom, Russell (August 26, 2016). "Why can't Apple spend its way out of security vulnerabilities?". _The Verge_. Retrieved December 21, 2016.

-"Pegasus (spyware) - Wikipedia"

extratone commented 3 years ago

"A serious attack on the iPhone was just seen in use for the first time"

'Aug 25, 2016 at 13:23'


Earlier this month, an Emirati human rights activist named Ahmed Mansoor got a suspicious text. It promised new details of torture in the country’s state prisons, along with a link to follow if he was interested. If Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted it with malware, capable of logging encrypted messages, activating the microphone and secretly tracking its movements.

The attack is detailed in a new report from Citizen Lab and Lookout Security, which received the link directly from Mansoor. The malware targets three previously undisclosed vulnerabilities in iOS, allowing for arbitrary code execution, access to kernel memory, and access to kernel privileges. When combined, those vulnerabilities allow for a remote jailbreak of an iOS device, a long sought-after capability that has never been previously observed in an active campaign.

On discovering the vulnerabilities, Citizen Lab and Lookout reported them to Apple, and fixes for the vulnerabilities have been patched with today’s release of iOS 9.3.5.

Citizen Lab linked the attack to a private Israeli spyware company known as NSO group, although it’s unclear how the exploits were first discovered. Earlier this year, the exploit broker Zerodium offered and awarded a million-dollar bounty for remote jailbreaking capability in iOS 9, which Citizen Lab notes is similar to the exploit used against Mansoor.

Apple recently launched its own bug bounty to encourage disclosure of such vulnerabilities. The highest bounty, up to $200,000, was offered for vulnerabilities that compromise the secure boot firmware.

The attack is likely to reignite the debate over private sector malware companies, which have drawn harsh criticism for selling intrusion software to oppressive regimes in Uganda, Ethiopia, and Bahrain.


-"A serious attack on the iPhone was just seen in use for the first time"

extratone commented 3 years ago

"Here’s how to check your phone for Pegasus spyware using Amnesty’s tool"

'Jul 21, 2021 at 16:45'


Amnesty International — part of the group that helped break the news of journalists and heads of state being targeted by NSO’s government-grade spyware, Pegasus — has released a tool to check if your phone has been affected. Alongside the tool is a great set of instructions, which should help you through the somewhat technical checking process. Using the tool involves backing up your phone to a separate computer and running a check on that backup. Read on if you’ve been side-eyeing your phone since the news broke and are looking for guidance on using Amnesty’s tool.

The first thing to note is the tool is command line or terminal based, so it will take either some amount of technical skill or a bit of patience to run. We try to cover a lot of what you need to know to get up and running here, but it’s something to know before jumping in.

The second note is that the analysis Amnesty is running seems to work best for iOS devices. In its documentation, Amnesty says the analysis its tool can run on Android phone backups is limited, but the tool can still check for potentially malicious SMS messages and APKs. Again, we recommend following its instructions.

To check your iPhone, the easiest way to start is by making an encrypted backup either using iTunes or Finder on a Mac or PC. You’ll then need to locate that backup, which Apple provides instructions for. Linux users can follow Amnesty’s instructions on how to use the libimobiledevice command line tool to create a backup.



After getting a backup of your phone, you’ll then need to download and install Amnesty’s mvt program, which Amnesty also provides instructions for.

If you’re using a Mac to run the check, you’ll first need to install both Xcode, which can be downloaded from the App Store, and Python3 before you can install and run mvt. The easiest way to obtain Python3 is using a program called Homebrew, which can be installed and run from the Terminal. After installing these, you’ll be ready to run through Amnesty’s iOS instructions.

You’ll want to make sure your iPhone’s backup is encrypted with a password

If you run into issues while trying to decrypt your backup, you’re not alone. The tool was giving me errors when I tried to point it to my backup, which was in the default folder. To solve this, I copied the backup folder from that default location into a folder on my desktop and pointed mvt to it. My command ended up looking like this:

(For illustration purposes only. Please use commands from Amnesty’s instructions, as it’s possible the program has been updated.)

mvt-ios decrypt-backup -p PASSWORD -d decrypt ~/Desktop/bkp/orig

When running the actual scan, you’ll want to point to an Indicators of Compromise file, which Amnesty provides in the form of a file called pegasus.stix2. Those who are brand-new to using the terminal may get tripped up on how to actually point to a file, but it’s relatively simple as long as you know where the file is. For beginners, I’d recommend downloading the stix2 file to your Mac’s Downloads folder. Then, when you get to the step where you’re actually running the check-backup command, add

-i ~/Downloads/pegasus.stix2

into the option section. For reference, my command ended up looking like this. (Again, this is for illustration purposes only. Trying to copy these commands and run them will result in an error):

mvt-ios check-backup -o logs --iocs ~/Downloads/pegasus.stix2 ~/Desktop/bkp/decrypt

(For reference, the ~/ is more or less acting as a shortcut to your user folder, so you don’t have to add in something like /Users/mitchell.)

Again, I’d recommend following along with Amnesty’s instructions and using its commands, as it’s always possible that the tool will have been updated. Security researcher @RayRedacted on Twitter also has a great thread going through some of the issues you may run into while running the tool and how to deal with them.

As a final note, Amnesty only provides instructions for installing the tool on macOS and Linux systems. For those looking to run it on Windows, The Verge has confirmed the tool can be used by installing and using Windows Subsystem for Linux (WSL) and following Amnesty’s Linux instructions. Using WSL will require downloading and installing a Linux distro, like Ubuntu, which will take some time. It can, however, be done while you wait for your phone to back up.

After running mvt, you’ll see a list of warnings that either list suspicious files or behavior. It’s worth noting that a warning doesn’t necessarily mean you’ve been infected. For me, some redirects that were totally above board showed up in the section where it checked my Safari history (sheets.google.com redirecting to docs.google.com, reut.rs redirecting to reuters.com, etc). Likewise, I got a few errors, but only because the program was checking for apps that I don’t have installed on my phone.

The story around Pegasus has likely left many of us regarding our phones with a bit more suspicion than usual, regardless of whether we’re likely to be targeted by a nation-state. While running the tool could (hopefully) help to ease some fears, it’s probably not a necessary precaution for many Americans. NSO Group has said its software cannot be used on phones with US numbers, according to The Washington Post, and the investigation didn’t find any evidence that US phones had been successfully breached by Pegasus.

While it’s nice to see that Amnesty made this tool available with solid documentation, it only really helps to address the privacy concerns around Pegasus. As we’ve seen recently, it doesn’t take a government targeting your phone’s microphone and camera to get private information — the data broker industry could be selling your location history even if your phone is Pegasus-free.

-"Here’s how to check your phone for Pegasus spyware using Amnesty’s tool"
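An added example, not part of the quoted articles and not Amnesty's mvt code: a minimal Python sketch of the kind of check an indicators file enables, matching STIX 2 domain indicators against browsing-history rows. Matching is done on every parent domain of the visited host, so a randomised subdomain or a high port does not hide a hit, and redirects that touch no indicator are kept at a lower "review" level. The bundle, domains, history rows and the two triage levels are all constructed for this example.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle in the shape of an indicators file. The domains are
# placeholders under reserved TLDs, not real indicators of compromise.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[domain-name:value='bad-cdn.example']"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[domain-name:value='tracker.invalid']"},
        # Non-domain indicator: ignored by this domain-only sketch.
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[file:name='sampled']"},
    ],
})

# Constructed history rows: (timestamp, visited URL, redirect target or None).
SAMPLE_HISTORY = [
    ("2021-07-01T10:00:00", "https://sheets.google.com/", "https://docs.google.com/"),
    ("2021-07-02T11:30:00", "https://a1b2.x9.bad-cdn.example:30495/Zq3/", None),
    ("2021-07-03T09:15:00", "https://reut.rs/abc", "https://www.reuters.com/abc"),
    ("2021-07-04T08:00:00", "http://news.example.org/", "https://tracker.invalid/r?id=1"),
    ("2021-07-05T08:00:00", "https://notbad-cdn.example/", None),
]

DOMAIN_PATTERN = re.compile(r"^\[domain-name:value\s*=\s*'([^']+)'\]$")


def load_domain_indicators(bundle_text):
    """Return the set of domains named by simple domain-name indicators."""
    domains = set()
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        match = DOMAIN_PATTERN.match(obj.get("pattern", "").strip())
        if match:
            domains.add(match.group(1).lower().rstrip("."))
    return domains


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def matched_indicator(url, domains):
    """Return the indicator domain the URL's host equals or sits under, else None."""
    labels = host_of(url).split(".")
    # Compare on label boundaries: sub.bad-cdn.example matches bad-cdn.example,
    # notbad-cdn.example does not.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_history(rows, domains):
    """Classify rows as 'detected' (indicator hit) or 'review' (cross-host redirect)."""
    findings = []
    for timestamp, url, redirect in rows:
        for candidate in (url, redirect):
            hit = matched_indicator(candidate, domains) if candidate else None
            if hit:
                findings.append({"time": timestamp, "level": "detected",
                                 "indicator": hit, "url": candidate})
                break
        else:
            # No indicator hit: a redirect to another host is only worth a look.
            if redirect and host_of(redirect) != host_of(url):
                findings.append({"time": timestamp, "level": "review",
                                 "indicator": None, "url": url})
    return findings


if __name__ == "__main__":
    for finding in scan_history(SAMPLE_HISTORY, load_domain_indicators(SAMPLE_BUNDLE)):
        print(finding)
```
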