Pegasus : All you need to know about it
The Pegasus Project has uncovered more than 50,000 phone numbers that were targeted by spyware created by an Israeli software company called NSO Group. On the list were 300 verified phone numbers in India, including those of ministers, opposition leaders, a sitting judge, more than 40 journalists, and several activists and businesspersons.
What is Pegasus?
Pegasus is a spyware that is a malicious software designed to enter your computer device, gather your data, and forward it to a third party without your consent.
This Pegasus, developed by NSO Group, is the most powerful spyware ever created. It is designed to infiltrate smartphones — Android and iOS — and turn them into surveillance devices.
The Israeli company, however, markets it as a tool to track criminals and terrorists — for targeted spying and not mass surveillance. NSO Group sells the software to governments only. A single licence, which can be used to infect several smartphones, can cost up to Rs 70 lakh. According to a 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.
How does Pegasus work?
Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed.
A previous version of the spyware — from 2016 — infected smartphones using a technique called “spear-fishing”. Spear fishing is a method by which text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link—a requirement that was done away with in subsequent versions.
By 2019, Pegasus could infiltrate a device with a missed call on WhatsApp and could even delete the record of this missed call, making it impossible for the user to know they had been targeted. In May that year, WhatsApp said Pegasus had exploited a bug in its code to infect more than 1,400 Android phones and iPhones this way, including those of government officials, journalists and human rights activists. It soon fixed the bug.
Pegasus also exploits bugs in iMessage, giving it backdoor access to millions of iPhones. The spyware can also be installed over a wireless transceiver (radio transmitter and receiver) located near a target.
What can Pegasus do to us?
Once installed on a phone, Pegasus can intercept and steal any information on it, including SMSs, contacts, call history, calendars, emails and browsing histories. It can use your phone’s microphone to record calls and other conversations. It can also secretly film you with its camera, or track you with GPS.
How to be safe?
- Only open links from known and trusted contacts and sources when using your device.
- Make sure your device is updated with any relevant patches and upgrades.
- Try to limit physical access to your phone. Do this by enabling pin, finger, or face-locking on the device.
- Avoid public and free Wi-Fi services especially when accessing sensitive information.
- Encrypt your device data and enable remote wipe features where available.