ABOUT PEGASUS SPYWARE

 

The Pegasus Project, an investigation by an international media consortium, has revealed that more than 50,000 phone numbers were targeted by a spyware created by NSO Group, an Israeli software company. On the list were 300 verified phone numbers in India, including those of ministers, opposition leaders, a sitting judge, more than 40 journalists, and several activists and business persons.

A spyware is any malicious software designed to enter your computer device, gather your data, and forward it to a third-party without your consent. Pegasus, developed by NSO Group, is perhaps the most powerful spyware ever created. It is designed to infiltrate smartphones — Android and iOS — and turn them into surveillance devices. The Israeli company, however, markets it as a tool to track criminals and terrorists — for targeted spying and not mass surveillance. NSO Group sells the software to governments only. A single licence, which can be used to infect several smartphones, can cost up to Rs 70 lakh. According to a 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.

How does it work?

Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed. A previous version of the spyware from 2016 infected smartphones using a technique called “spear-fishing”: text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link a requirement that was done away with in subsequent versions. By 2019, Pegasus could infiltrate a device with a missed call on WhatsApp and could even delete the record of this missed call, making it impossible for the user to know they had been targeted. In May that year, WhatsApp said Pegasus had exploited a bug in its code to infect more than 1,400 Android phones and iPhones this way, including those of government officials, journalists and human rights activists. It soon fixed the bug. Pegasus also exploits bugs in iMessage, giving it backdoor access to millions of iPhones. The spyware can also be installed over a wireless transceiver (radio transmitter and receiver) located near a target.

What can it do?

Once installed on a phone, Pegasus can intercept and steal more or less any information on it, including SMSes, contacts, call history, calendars, emails and browsing histories. It can use your phone’s microphone to record calls and other conversations, secretly film you with its camera, or track you with GPS.