Software security in the age of Pegasus

As you may have heard, Pegasus is spyware developed by the Israeli firm NSO Group that can be covertly installed on mobile phones running most versions of iOS and Android. Recent revelations suggest that the current Pegasus software can exploit all recent iOS versions up to iOS 14.6 in a zero-click manner, with no human interaction required. For example, one exploit mode seems to involve placing a WhatsApp voice call and inserting the spyware even if the target never picks up the phone or answers the call. This is the software equivalent of ringing a doorbell and somehow managing to burgle the house even if the door is never opened. I say that in jest, of course, but you get the idea.

So how do you defend against something like Pegasus, both from a personal standpoint (safeguarding the personal data on your phone: photos, text messages, etc.) and from a software security standpoint, especially when you are running a technology company that collects customer data, as virtually all companies do?

Here are some tips on how to manage your infrastructure security / software security.