IIG explains: What is 'Pegasus Spyware'? How does it use WhatsApp to hack a device?
A major data leak report is doing rounds everywhere that mentions Pegasus spyware – the same spyware that was in news in 2019 for compromising personal data of scores of WhatsApp users. The snooping database, this time, included over 40 Indian journalists, three major Opposition figures, one constitutional authority, two serving ministers in the Narendra Modi government, current and former heads and officials of security organisations and several businesspersons, The Wire reported.
A number of prominent news websites including The Guardian and The Washington Post published key details revealing the nature of what they called ‘global surveillance operations’ using Pegasus. Edward Snowden, the NSA whistleblower, on Sunday tweeted that this “leak” could be “the story of the year”.
So, the question that remains is – what is Pegasus, how does it work and should you be worried about your data being leaked?
What is Pegasus?
The highly advanced ‘Pegasus’ is a spyware – a malicious software created by Israeli-based cyber intelligence firm NSO Group to hack computers and smartphones in order to gather data and serve it to a third party. The reason it is malicious is that it gathers data without the consent of the person.
However, NSO Group had claimed that their motive was to ‘develop best-in-class technology to help government agencies detect and prevent terrorism and crime’.
Pegasus spyware first came to light in 2016, when an Arab activist received a suspicious message on his iPhone. Subsequently, Apple had released a software update to patch up the loophole used by Pegasus to hack phones. A year later, similar leaks were found in Android phones.
In 2019, Facebook filed a case against NSO for creating Pegasus, which had infected the devices of many prominent figures. WhatsApp, which is owned by Facebook, had said that Indian journalists and human rights activists were among those globally spied upon using Pegasus spyware.
How is Pegasus used to hack a phone?
Deemed as one of the “most sophisticated” hacking tools, Pegasus is so seamless that a phone user might have no clue that their device had been compromised.
Hackers who use Pegasus, install the malware in the users’ phones – mainly iPhones and Android devices – using software loopholes and security bugs. The spyware is so secretive that it gets installed with the help of just a missed call. Once infiltrated, it even deletes the call log entry, so that there is no trace on the gadget.
Apart from data theft, Pegasus can also clear all information from the host device including caller logs, calendar events etc – making sure that the particular data is snatched away from the target person without their notice.
Who should be worried about Pegasus?
Pegasus is the ultimate surveillance tool and if a government wants to spy on someone, it is the go-to spyware to be used. Even encrypted chats on WhatsApp are accessible to Pegasus.
That being said, an average phone user need not worry about the classic Pegasus. Even the latest reports talk about past exploits, not current ones, as far as we know. As a result, if you are using the latest software versions – iOS 14 or Android 11 – and the latest versions of apps like Facebook and WhatsApp, you should be in the clear.
However, your phone is still not hack-proof. The NSO Group that runs Pegasus still exists, which means there is a huge chance that a new version of Pegasus spyware also exists. One would not even know if their phone is being hacked.
But it must also be noted that Pegasus is extremely expensive and according to the NSO Group, it is sold only to government agencies for ‘targeted surveillance’. So, unless a powerful organisation like the government has reason to put you under the radar, you are safe from tools like Pegasus.
Govt’s Take on Data Leak Report
The Union government has dismissed allegations of data snooping on its part on specific people, saying it “has no concrete basis or truth associated with it whatsoever”.
“It is important to note that government agencies have a well-established protocol for interception, which includes sanction and supervision from highly ranked officials in Central and state governments, for clear stated reasons only in the national interest. The allegations regarding government surveillance on specific people have no concrete basis or truth associated with it whatsoever,” Additional Secretary, Electronics and Information Technology, Rajender Kumar said.