Oddbean new post about | logout
 What is Pegasus?

Pegasus is targeted cellphone malware by the NSO Group sold to governments.
It's regularly used against human rights activists.

How can you stop Pegasus?

Well, you can't stop it per say (except step 6 below). But you can reduce risk with SOME of the steps below:

1) GrapheneOS reduces buffer overflows with a hardened memory malloc

2) Always use a VPN for the DNS.  Avoid trusting ISP DNS

3) Don't activate SMS from cell towers and use VoIP only via WiFi

4) Avoid a SIM card, then use an external WiFi FOSS router that you own such as:

In your home: DD-WRT, Open-WRT, (w/) OPNSense or pfSense
Tiny on the go: Rasberry Pi with OpenWRT, or GL.inet,

You can put a USB modem on GLinet then you'd have portable WiFi access, but with physical isolation from the internet source.   Then you only flow encrypted VPN traffic through the router.

If you're too lazy to do this, then an external ISP-provided hotspot over in-phone SIM.

5) Pegasus can work off being sent a link.  When your friends send you random website links on mobile, then look at it without JavaScript.  Privacy Browser & Tor mobile both have a good toggle switches.  (or look at it on PC)

6) You could consider a tiny PC w/ WiFi such as LattePanda or Rasberry Pi INSTEAD of a phone because these have no internal cell tower baseband modem.  The default Pi distro can do Signal, or for example:
lattepanda.com/lattepanda-sigma

Some will think this is extreme, but you can only do SOME of the choices depending on your situation