Pegasus scandal: The Pegasus scandal has recently resurfaced and revived a massive political row.
- The scandal has resurfaced again nearly two years after it first came to light that sophisticated spyware developed by an Israeli firm could take over the control of mobile phones without the knowledge of the owner.
- This time, the scandal has grown in proportion ensnaring heavyweight politicians and influential figures.
- Recently, a number of prominent news websites, including the Guardian and the Washington Post, published details of what they called global surveillance operations using Pegasus.
- The surveillance reportedly targets journalists, including over 40 journalists in India, activists and other key public figures.
- The reports say that over 10 governments, including India, are involved in the surveillance of people using Pegasus spyware.
Who has been targeted in India?
- In India, more than 40 journalists, three opposition leaders and two ministers in Prime Minister Narendra Modi’s government were reported to be on the list.
- This included the key opposition figure Rahul Gandhi, with two mobile phone numbers belonging to him found in the list.
- However, India’s government has denied using unauthorized surveillance.
What is Pegasus?
- Pegasus is a type of malicious software or malware classified as spyware.
- It is military-grade spyware developed, marketed and licensed to governments across countries by NSO Group, a private Israeli company.
- It can be used to infiltrate smartphones that run on both iOS and Android operating systems and turn them into surveillance devices.
- Those operating the software can even turn on a phone’s camera and microphone to capture activity in the phone’s vicinity.
- The spyware Pegasus is apparently sold to governments around the world by NSO Group, an Israeli company.
How Pegasus allegedly hacks the phone?
- Pegasus method of attack is called zero-click attacks that do not require any interaction from the phone’s owner. The spyware can hack a device simply by giving a missed WhatsApp call.
- It will change call logs without the knowledge of the user.
- Once the spyware enters the device, it installs a module to track call logs, read messages, emails, calendars, internet history and gather location data to send information to the attacker.
- It can also be installed manually on the device or over a wireless transceiver.
- If it fails to connect with its command and control server for more than 60 days or if it is installed on the wrong device or SIM card it can self-destruct and remove all traces.
- An example of such an attack was revealed by WhatsApp in May 2019 when the spyware targeted a vulnerability in its VoIP stack. Simply by placing a WhatsApp call to a target device, Pegasus could be installed on the phone, irrespective of whether the target answered the call or not.
- Most of these attacks exploit vulnerabilities in an operating system that the phone’s manufacturer may not yet know about and so has not been able to fix.
How can a user stay safe from such spyware attacks?
To stay safe a user must follow the following:
Ensure that the software in a device is updated
All apps are installed directly through the official stores
No suspicious email or text should be clicked.
About NSO Group Technologies:
- NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company’s founders) is an Israeli technology firm.
- This company’s spyware called Pegasus enables the remote surveillance of smartphones.
- It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio.
- It employed almost 500 people as of 2017 and is based in Herzliya, near Tel Aviv, Israel.