NSO Group, which is a software company from Israel, created the Pegasus Spyware. This is spyware that governments have used worldwide to spy on specific key target individuals, including those in India and other countries. Read on to know what this software is, who can use it, how the devices can be infected, and precisely what it does.
What is Pegasus?
This is spyware, which is malicious software created to enter a computer or a mobile device. Once it has entered your device, then it would gather your information, which is then forwarded, without your approval, to a third party. Pegasus, created by the NSO group, is probably the most powerful one out there. This was developed to work on iOS and Android smartphones, which then makes them devices for surveillance.
However, the company markets this software as a tool for tracking terrorists and criminals, which means the spying would be targeted and not used for mass surveillance. This software is sold only to governments across the globe, and owning a single license can be used to infect numerous smartphones and can cost around $650,000, to track 10 devices. This also has an installation cost of approximately $500,000, which means it isn’t for mass marketing or business usage.
How Does Pegasus Work?
This software uses bugs or vulnerabilities that are undiscovered in iOS and Android. This means that your phone might be infected even after installing the most recent security patch. For example, in a 2016 version of the software, various smartphones had been infected using the “spear-fishing” technique, which means using emails or text messages with malicious links. Of course, this would depend on the specific target clicking on this link, which was later done away within updated versions. Pegasus can also convert a mobile device into a spying device by switching on the phone camera and microphone.
During 2019 the software would infiltrate these devices with a simple missed call over WhatApp, and it could even delete any record of this missed call. This makes it nearly impossible for any target to know that they were on the list and being monitored. In May 2019, WhatsApp stated that Pegasus had indeed exploited one of the bugs in their codes to infect over 1,5000 iPhone and Android phones using that method. This included human rights activists, journalists, and various government officials. NSO was subsequently sued by WhatApp in a US court.
There is also a bug iMessage used by Pegasus, which gives it easy access to millions and millions of iPhones worldwide. This spyware can also be installed using a wireless transmitter, including a radio transmitter and a receiver, when placed near the target.
What Can Pegasus Do?
Once this spyware is installed, it can intercept or steal any information that the device contains. This includes text messages, browsing history, emails, calendars, call history and even contact information. This can also access your GPS to track where you are going, secretly capture videos or photographs using your camera, or even use the microphone to record your conversations or phone calls.
Who Can Use Pegasus?
Claims by the NSO Group say they only work with authorized government organizations. It is publicly known that both the Panamanian and Mexican governments are using Pegasus along with many more. they have some 60 customers in 40 countries, and they said that 50% of those customers are Intelligence agencies, 11% military, and 38% are law enforcement agencies. At present, there is a broiling controversy spurred by Project Pegasus, an investigation by journalists worldwide along with French NGO Forbidden Stories and Amnesty International.
This investigation has brought to light 10 countries, namely, Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates, and India that have been surveilling their citizens, journalists, activists, opposition ministers, and in general anyone deemed as persons of interest by the government.
The Project Pegasus is raising moral questions about the general citizen’s data security, and at what point it becomes fair to use taxpayer money to purchase an exorbitantly priced software to target, and spy on those very taxpayers for electoral gains and other administrative agendas. India’s investigative partner on the current Project Pegasus investigative operation is The Wire. Their hard work and fearless journalism cannot be overestimated in this regard.
What is Pegasus’ Current Status?
If it’s any consolation, the public uproar is regarding the past exploits and iOS was patched by Apple through the iOS security update 9.3.5 when the information was released that the spyware was using those loopholes to hack into their devices.
Google identifies the compromised Android phones and disables the malware. Google also notifies the targets and has created patches for the security holes. This means that for users of Android 11 or iOS 14 the security concerns have been effectively dealt with. But this does not guarantee that your phone can’t be hacked into in the future since no phone or computer is completely hack-proof. The best one can do at this point is to keep apps and software updated with all the latest security patches. However, it is entirely possible due to the existence of the NSO group that Pegasus has been updated or has created another spyware that isn’t known about.
Short History Regarding Pegasus
In 2016 the Citizen Lab, a cybersecurity organization of researchers in Canada, first found Pegasus installed on the smartphone of Ahmed Mansoor, who is a human rights activist. The Citizen Lab then published their report, which identified some 45 countries using Pegasus in September 2018, which included India. WhatsApp had also revealed in October 2019 that human rights activists and journalists in India were targeted using Pegasus. In July 2021, it was revealed that various governments were using this to spy on activists, journalists, opposition politicians, and government officials.