Has the head of state’s phone been spied on by a foreign power? The question arises seriously after a consortium of 17 media revealed on Tuesday that Emmanuel Macron, members of the government and journalists are on the list of potential targets of the Pegasus software, selected by a Moroccan security service.
To understand the security and protection issues raised by this case, 20 minutes asked Gérôme Billois, cybersecurity expert at Wavestone.
How does the Pegasus software, marketed by the Israeli company NSO, work?
Pegasus is spyware that gives access to everything in mobile phones. But first, you have to get into it and, for that, there are several methods: it can be a link sent by e-mail or by message on which the targeted person clicks, which will allow them to take control of their device. It is a very classic method and we know how to protect ourselves from it. What’s new with Pegasus is that it can enter the phone without user action. This can be done simply by sending an iMessage to an iPhone.
Does that mean that the president’s phone was not secure enough?
In the first place, it is not certain that his phone has been hacked. He was in any case on a targeting list. When an intelligence service tries to capture information, its agents list the people who have it. Then they launch the attack, which succeeds or not.
On the other hand, it is not known whether the phones to which the services may have had access contained sensitive information. Important figures, such as members of the government, always have several phones in order to compartmentalize the information they hold.
Shouldn’t members of government use secure telephones?
There are several types, including Teorem [conçu par Thales]. To be protected from attacks by intelligence services, which are ready, to succeed, to invest tens or even hundreds of millions of euros, you must have an extremely secure system.
These devices are often a little heavier, a little less beautiful, we cannot install applications, there is no direct Internet access… All this guarantees security but makes the phone much less easy to use . This is why there is a problem with the adoption of these phones by the managers who should be using them.
Ministers do, however, have the right to maintain some form of daily privacy. And they don’t want to lose the phone they used to use for family contacts. If this personal device is “listened to” by an intelligence service, it will not be very serious. This is why you have to be used to compartmentalizing your communications. And when you attend a sensitive meeting, you leave your personal phone outside the room. Private phones should also be checked regularly to see if they have been attacked.
What is the point of using an application like Pegasus for an intelligence service?
It will depend on who the target is. Once your phone has been hacked, you have access to all of the data inside. We can therefore know everything: with whom the person is talking, what he plans to do, to have information on his health… Our phones, today, are a digital concentrate of our life, everything is inside.