Smartphones as Surveillance Tools: The Silent Threat of Pegasus and Paragon Spyware
In authoritarian regimes across the globe, smartphones have become powerful surveillance devices—used not just for monitoring movement, but also for tracking online activity and communications. At the heart of this digital espionage is Pegasus, a sophisticated spyware developed by Israeli firm NSO Group, capable of infiltrating phones and turning them into tools for state surveillance.
According to research by The Citizen Lab, an interdisciplinary lab based at the University of Toronto’s Munk School of Global Affairs & Public Policy, Pegasus has been deployed in multiple countries—often under autocratic leadership—to suppress dissent, monitor activists, and enforce censorship.
This is a growing concern in the Kenyan context, where civic activism and scrutiny of government actions have increasingly moved online. Reports of alleged abductions and forced disappearances of vocal critics have underscored fears about state surveillance—especially with mobile phones at the centre of such incidents.
How Pegasus Works
Once installed, Pegasus grants full access to a target’s device. As explained by Citizen Lab senior researcher John Scott-Railton, the spyware can do everything a phone owner can—including reading encrypted messages, tracking GPS locations, listening through the microphone, and accessing cloud-stored data.
Victims of forced disappearances have often reported having their phones confiscated, with some being coerced into revealing passwords. This, experts believe, facilitates the embedding of spyware like Pegasus.
One chilling example is that of a Saudi student in Canada, a vocal critic of the Saudi government. After ordering a package online, he received a seemingly legitimate delivery-tracking link. Clicking on it installed Pegasus—granting the regime unfettered access to his device.
Zero-Click Attacks: The Next Frontier
While traditional spyware attacks rely on user interaction—clicking a link or downloading a file—Pegasus has evolved into a more dangerous form: the zero-click attack. In these instances, the target does nothing. The spyware is silently installed through system vulnerabilities, often without any indication that a breach has occurred.
These zero-click exploits are virtually undetectable and have become favoured methods among authoritarian states due to their precision and stealth.
The Rise of Paragon
Despite international scrutiny on Pegasus, a new spyware—Paragon—has recently emerged. Also developed in Israel, Paragon focuses on messaging apps such as WhatsApp and Signal. Using the same zero-click methodology, Paragon enables attackers to infiltrate devices without the user’s knowledge.
One reported method involves covertly adding a target to a WhatsApp group and sending a PDF document. The victim’s phone opens the file automatically—initiating infection. From there, Paragon spreads to other apps, compromising the entire device—all without a trace on the user’s end.
How to Protect Yourself
Though the presence of Pegasus or Paragon in Kenya has not been publicly confirmed, experts warn the risk is significant—especially in an era where activism, whistleblowing, and criticism are increasingly digital.
Smartphone users are urged to take precautionary steps:
- Regularly update device software to patch security vulnerabilities.
- Monitor for anomalies such as rapid battery drain, unexplained data usage, or overheating.
- Use security-focused apps that can scan for spyware or other intrusions.
- Be wary of suspicious links or unexpected file attachments—even from trusted platforms.
The digital battlefield has shifted, and smartphones are now the frontline. Vigilance, awareness, and responsible usage are the best defenses against invisible surveillance.
