Advertisement
X

Explainer: What Is Pegasus And What Has WhatsApp Got To Do With It?

Pegasus is a spyware that was developed by an Israeli "cyber weapons" company named NSO Group.

Ahead of the Monsoon Session of Parliament, an old issue seems to have surfaced once again - Pegasus spyware.  Even as the Narendra Modi-led government convened an all-party meeting with Opposition leaders on the eve of the Monsoon session of Parliament, news of an alleged report called the "Pegasus Report" on the purported wire-tapping of politicians, ministers and other high-level officials started flying fast and thick.

So what is Pegasus?

Pegasus is a spyware that was developed by an Israeli "cyber weapons" company named NSO Group.  The first time it hit the news was in 2016 when several iPhone users were believed to be targeted by the software to hack them. While iPhone claimed to fix the vulnerabilities that allowed Pegasus to infiltrate its users' devices, the spyware was later reported to also hack Android devices.

What is its connection to India?

In India, the app was widely reported in 2019 after complaints about the app allegedly targeting Indian journalists and activists by hacking their devices. According to allegations by messaging app WhatsApp, at least a dozen Indian users including journalists and human rights activists were among those globally spied upon by unnamed entities using an Israeli sypware Pegasus. It said that at least 12 Indian users were among those targeted by the spyware in the days before May 2019.

What have Facebook and WhatsApp got to do with it? 

In 2019, Facebook-owned Whatsapp informed a number of Indian users who were purportedly affected by the spyware about the same via a message. Facebook had been following Pegasus across its network and soon WhatsApp also sued NSO Group, the makers of the spyware, in the same year, alleging that the spyware was used to hack nearly 1,400 devices that exploited an alleged vulnerability in the messaging app to access its users. 

The legal action initiated by Facebook found support among other tech giants like Google, Microsoft, Cisco who filed an amicus brief in the former's favour in 2020. 

While NSO has acknowledged that Pegasus does indeed exist, it has said that it merely sells the software to governments and cannot be held accountable for its misuse. In response to NSO Group's statement, Microsoft had in 2020 said in an online statement, "Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve". 

Advertisement

"Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk," WhatsApp Head Will Cathcart said in an op-ed in The Washington Post.

Nevertheless, an Israeli court rejected in July 2020 a request to strip the controversial spyware firm NSO Group of its export license over the suspected use of the company's technology in targeting journalists and dissidents worldwide.

How does Pegasus spyware work?

Experts have deemed the software as one of the most 'sophisticated' Spywares to exist due to the sheer ease and smoothness with which is hacks into users devices without allowing the latter an iota of suspicion. 

Victims of hacking by the Israeli app are sent a malicious link by the hacker which, upon being clicked, leads to Pegasus automatically getting installed on the users' phone. The hackers can also hack into the users' phones through security bugs in calls made through apps like WhatsApp. All the hacker needs to do is give a missed call to the victim for the latter kind of hacking to work. Once the spyware is installed, it will automatically delete all history of the missed call from the user's phone log, leaving no trace of the hack or of the device being compromised.

Advertisement

Once installed, Pegasus has access to and can extract sensitive and private data such as passwords, photos, text messages, emails and even phone calls, essentially spying on the user through their device.  

Show comments
US