Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    Loans
    Loans
    HomeNewsTechnologyExplained | Everything you need to know about Pegasus: The Israeli spyware used to snoop on politicians, activists and journalists

    Explained | Everything you need to know about Pegasus: The Israeli spyware used to snoop on politicians, activists and journalists

    The spyware was discovered on the phones of many prominent journalists and activists

    Rohith Bhaskar
    July 19, 2021 / 15:44 IST
    The spyware was discovered on the phones of many prominent journalists and activists
    We live our lives within the borders of our home, our haven away from the pressures of the world but, in an online world, we forget that our privacy is no longer sacred. It is simply a lock that needs a key. Pegasus is that key. A surveillance tool at heart, the spyware has been covertly installed onto the smartphones of prominent journalists and activists around the world. The intention is clear, and the threat real. What is Pegasus? Created by Israeli cyber intelligence firm NSO Group, Pegasus exists to help law enforcement battle crime. The NSO says that it intended to "develop best-in-class technology to help government agencies detect and prevent terrorism and crime." Somewhere along the line, those priorities have changed. Thanks to leaks from prominent publications such as The Guardian, we know that it targeted and monitored specific individuals to gather data. The NSO has confirmed the existence of the spyware but has said that it only sells the tool to governments and is not responsible for its misuse. Pegasus first achieved prominence in 2016 when discovered on a smartphone that belonged to a human rights activist. Since then, it has stayed in the limelight. Facebook even went to court and sued NSO Group for making the tool.  The lawsuit also shed light on the extent NSO was willing to go to keep their tool relevant. Facebook claimed that the attackers had reverse-engineered the WhatsApp app to send malicious code over the network. 

    Will Cathcart, WhatsApp CEO put out a tweet and urged the governments to hold abusers of spyware responsible

    What makes the software worrisome is that its installation is covert and hard to trace. There are a variety of exploits that Pegasus can use to slither its way into a phone. How does Pegasus work? There are a variety of exploits that Pegasus targets to install itself onto a smartphone. The simplest way is to get the user to click on an infected link or use a voice call vulnerability in WhatsApp that allows installation simply by placing one missed call. The tool also deletes the call logs afterwards, so you have no way of knowing what happened. The more recent traces have used an exploit called zero-click. This vulnerability allows Pegasus to become operational without needing any user input. On iPhones, this was possible using a weakness in the mail app where a threat actor could send remote code with mail that consumed large amounts of memory. Apple reportedly patched this in 2020. On Android, this exploits the operating system's graphics library. A threat actor could send hundred's of multimedia messages and brute force its way into Android's memory system to run remote code. Google and Samsung both confirmed that they had patched this bug. Other exploits include Apple's Wireless Device Link, the peer-to-peer networking protocol used by iOS devices to talk to each other. Apple acknowledged that it was powerful enough to shut off and reboot systems before being patched. Despite the security updates and patches, Amnesty international confirmed that Pegasus still managed to infiltrate Android and iPhones as recently as July 2021. Once Pegasus finds its way onto a smartphone, it operates with all possible permissions. It can track your call logs, monitor your calls, access your camera to record video and use your microphone to record audio. It can read your browsing history and collect information on your app activities. It can read your inputs and, it can even use your GPS to track your current location.All of the data from the smartphone is extracted and sent to the threat actor. This process is invisible and hard to detect. 

    The implication that government's around the world use Pegasus to spy on innocent journalists and activists is chilling. With our thoughts already soured by this revelation, we can only guess what lies behind the curtain.

    Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

    Rohith Bhaskar
    first published: Jul 19, 2021 03:16 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347