What is Pegasus and How it Works

Hacker. — IANS file photo

The spyware was identified as being in use in forty-five countries, including India

Team Clarion

NEW DELHI — Pegasus, NSO Group’s spy software, has been under the scanner over its surveillance activities for a while now, as a global investigation by 16 media organisations revealed scandalous mass surveillance carried out with the Israeli company's product.

At least 300 people are believed to have been targeted, including two serving ministers in the Narendra Modi government, three Opposition leaders including Rahul Gandhi, one constitutional authority, several journalists and business persons.

The Citizen Lab, a Canadian cybersecurity organisation, identified forty-five countries, including India, in which the spyware was being used, in a comprehensive report it published in 2018.

In October 2019, WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators using Pegasus.

What is Pegasus?

Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group, which was set up on January 25, 2010. It can be installed on your smartphone by an attacker to track all of your device’s activity.

It has the capability to infect billions of phones running either iOS or Android operating systems.

The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.

The spyware originally made headlines in 2016, when UAE human rights activist Ahmed Mansoor received a text message on his phone about tortured prisoners in the country, with a link, which he sent to researchers at Citizen Lab. The investigation found that the links led back to infrastructure belonging to the NSO Group.

The spyware has evolved a lot since then, and has now become a zero-click attack. This means that the targeted user is not required to perform any action for the spyware to be installed, which leaves the user no opportunity to detect or stop it.

How does Pegasus work?

Pegasus allows the attacker to gain control over a targeted user’s device without any human interaction. It relies on exploiting software that receives data before the device can determine whether the data is coming from a trustworthy source.

On Apple smartphones, the spyware was taking advantage of a vulnerability in the mail app, which was reportedly patched in April 2020. After that, the exploit targeted the Apple Wireless Direct Link (AWDL), which has also since been patched.

On Android devices, the spyware was targeting a vulnerability in the graphics library of phones running version 4.4.4 and beyond. Many attackers have also exploited vulnerabilities in WhatsApp.

Protection?

Detection of Pegasus and other zero-click attacks has become a lot harder, especially in encrypted environments where there is no visibility into the data packets.

However, users can still take a few steps to protect themselves. The first step would be to keep your smartphone up to date, to ensure that there are patches available for vulnerabilities that have been spotted.

The second would be to not sideload any apps to the operating system.

Lastly, users can also stop using apps and switch to checking emails, social media and more on the web browser.

What is NSO?

The NSO Group is a private company based in Israel that is a leading maker of spyware. Its signature product, Pegasus, is designed to break into iPhones and Android devices.

Founded in 2010, the company says it has 60 government customers in 40 countries. The company, which also has offices in Bulgaria and Cyprus, reportedly has 750 employees and recorded revenue of more than $240 million last year, according to Moody’s. It’s majority-owned by Novalpina Capital, a London-based private-equity firm.

(Based on media reports)
