Pegasus Spyware

WhatsApp sued an Israeli firm, the NSO Group in a court in San Francisco for using its platform to spy on journalists and human rights activists worldwide.

• The surveillance was carried out on journalists and human rights activists worldwide on Whatsapp using a spyware tool called Pegasus, which has been developed by the NSO Group.
• NSO Group is an Israeli based cyber-security company that specialises in surveillance technology.
• WhatsApp is the world’s most popular messaging app, with more than 1.5 billion users worldwide. It is owned by Facebook.
• About a quarter of those users (more than 40 crore) are in India, WhatsApp’s biggest market.
• It claims to help governments and law enforcement agencies across the world fight crime and terrorism.
• Whatsapp accused NSO of using its servers to send malware to approximately 1,400 mobile phones and devices (Target Devices) for the purpose of conducting surveillance of specific WhatsApp users (Target Users).
• The surveillance was carried out between April and May 2019 on users in 20 countries across four continents.
• Will Cathcart, the head of WhatsApp told that the surveillance targeted at least 100 human-rights defenders, journalists and other members of civil society across the world.

What is Pegasus?

• Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone.
• A presumably newer version of the malware doesn’t even require a target user to click a link.
• Once Pegasus is installed, the attacker has complete access to the target user’s phone.
• The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone.
• The Pegasus tool at that time exploited a software chink in Apple’s iOS to take over the device. So, Apple pushed out an update to fix the issue.
• Pegasus delivers a chain of zero-day exploits to penetrate security features on the phone and installs it without the user’s permission.
• Zero-day exploit  is a completely unknown vulnerability about which even the software manufacturer is unaware, and thus there is no patch or fix available for it.
• In the cases of Apple and WhatsApp, neither was aware of the security vulnerability, which was used to exploit the software and take over the device.
• In May 2019, the Pegasus was being used to exploit WhatsApp and spy on potential targets.
• WhatsApp issued an urgent software update to fix the security bug that was allowing the spyware to exploit the app.

Cyber Security again in Question

• Pegasus can send back the target’s private data, including passwords, messages, live voice calls, etc., from popular mobile messaging apps.
• The target’s phone camera and microphone can be turned on to capture all activity in the phone’s vicinity, expanding the scope of the surveillance.
• Pegasus has the ability to access password-protected devices, being totally transparent to the target, leaving no trace on the device without arousing suspicion in more alert users.
• It has a self-destruct mechanism in case of risk of exposure, and ability to retrieve any file for deeper analysis.