Pegasus, a mobile spyware suite developed by Israeli company NSO Group, has been used to spy on a number of human rights activists and journalists from across the globe and India. The spyware took advantage of a vulnerability found in WhatsApp to get into the mobile devices used by the targeted people and spy on their activities via these mobile devices.
Even though Pegasus was initially thought to infect iOS devices, researchers at security firm Lookout soon discovered another variant of the spyware that was targeting Android devices. Google named the Android variant of Pegasus Chrysaor, after the brother of the winged horse Pegasus from Greek mythology.
Today the spyware tool, also known by the name of Q Suite and Pegasus Suite, can spy on pretty much every aspect of the infected device and its owner with capabilities to even access data stored on cloud services behind authentication walls.
In the past, the spyware gained access to a mobile device via a web link, which once clicked would lead to the spyware installing itself on the device without the knowledge of the user. In this case, the install was triggered by the perpetrator placing a missed call to the WhatsApp service on the victim’s mobile device.
Among the Indians affected by the spyware were Nihalsingh Rathod (a human rights lawyer from Nagpur representing several of the accused in the Bhima Koregaon case), Degree Prasad Chouhan (a lawyer and activist campaigning for the rights of Dalits and Adivasis), Anand Teltumbde (a professor, writer and civil rights activist), Shalini Gera (a human rights lawyer with the Jagdalpur Legal Aid Group), Bela Bhatia (a human rights activist from Chhattisgarh advocating for adivasi rights), Rupali Jadhav (who is part of the cultural group Kabir Kala Manch), Sidhant Sibal (the principal diplomatic and defence correspondent for news channel Wion TV), Shubhranshu Choudhary (a former TV and radio producer with BBC South Asia), and Saroj Giri (an assistant professor in the Political Science department at Delhi University).
According to NSO Group, the Israeli cyber arms company that created the spyware, it licenses its product only to vetted and legitimate government agencies.
How does Pegasus work and what does it do?
The spyware enters the phone in the guise of a web link (exploit link), which when clicked or activated will install the spyware into the device without the knowledge of the user.
Once in, the spyware can be controlled remotely from a command-and-control (C&C) server used by the perpetrator in order to access and control features like SMS, contact lists, instant messaging apps, emails, microphone and camera on the infected device.
According to a report from the Financial Times, the latest variant of the Pegasus suite is also said to be capable of accessing not just data on the mobile device but also data from servers of cloud services from the likes of Apple, Google, Amazon and Microsoft that are linked to the device, even bypassing two-factor authentication.
The spyware also has a built-in fail-safe to avoid detection. The spyware program will wait for a period of 60 days to establish communication with the C&C server, failing which it will self-destruct. The same will also happen if the spyware detects that it was installed on the wrong device or with the wrong SIM card.
WhatsApp vulnerabilities, the new spyware gateway
WhatsApp has been in the news of late for being the entry point for spyware, not just in the recent Pegasus incident but also in the case of Tibetan groups being targeted with 1-Click mobile exploits, which Citizen Lab reported in September this year.
WhatsApp, meanwhile, is fighting a lawsuit regarding the traceability of its messages. The Supreme Court is now going to hear all cases related to regulation of social media platforms. Meanwhile, on October 31, the government stepped in and asked WhatsApp to explain the Pegasus/Chrysaor incident.