Back in 2019, Pegasus software had come into public attention when reports suggested that several journalists and activists were intimated by WhatsApp about their phones being compromised by spyware.
The highly sophisticated surveillance software is again at the centre of a major controversy. On Sunday, July 18, it was widely reported that documents acquired and evaluated by a international media collaboration showed a list of phone numbers that are claimed to have been potentially targeted for surveillance by an unidentified agency using the Pegasus software. It is reported that over 40 journalists in India were targeted alongside a few other public figures like politicians and activists.
While this is a developing story, it is paramount to understand the software, its history and how it can hack into your smartphone to completely compromise your information.
What is Pegasus software?
Developed by an Israeli tech firm called the NSO Group, Pegasus is a highly sophisticated surveillance software. The NSO Group is well-known for its expertise in creating specialized cyber weapons.
Pegasus first became public knowledge when the software was reportedly used to attempt to hack into the iPhone of an Arab human rights activist in 2016. iPhone maker Apple had then released an iOS update days after the alleged incident, which reportedly patched the vulnerability that was being targeting using Pegasus to hack into its phones.
Next in 2017, cyber security researchers found that the software could also exploit android-based smartphones. The finding led to new security updates. Pegasus has also been at odds with Facebook, which sued the NSO Group for creating the surveillance software in 2019.
Pegasus has been termed as the most sophisticated hacking software available today to intrude phones. The NSO Group has, time and again, claimed that it does not hold responsibility in case of misuse of the Pegasus software. The group claims that it only sells the tool to vetted governments and not individuals or any other entities.
How does Pegasus hack a phone?
The biggest USP of Pegasus for its users is the seamless intrusion it promises where an individual targetted may not even have an idea that their phone is compromised.
There are some reported methods which are employed to compromise a phone through the Pegasus software. The hacking could happen by making the target click on a malicious url sent to their phone. The software can also be installed by exploiting a security bug in voice calls through WhatsApp and similar apps. A single missed call can install the software on the targets phone which then deletes the call log entry to ensure that the victim of the hacking remains unaware.
Once installed, Pegasus can potentially access every information available on the phone, even encrypted chats and files. As per cybersecurity researchers, Pegasus can access on messages, calls, app activity, user location, video camera and microphone from the compromised device.
Researchers from Kaspersky, a prominent cybersecurity company, used the word “total surveillance” while referring to the capabilities of the Pegasus software.
Modular malware
The researchers called Pegasus software a modular malware As per their findings, once Pegasus scans a target’s phone, it then installs different modules as per requirement. Among other things, these modules can:
- Read user messages and mail
- Listen to calls
- Capture screenshots
- Log pressed keys
- Exfiltrate browser history and contacts