Pegasus, an Israeli spyware, hacks into your WhatsApp and is referred to as the “most sophisticated smartphone attack ever”. It is in the news because on Sunday evening a number of news websites, including the Washington Post and the Guardian, claimed that over 10 governments are using this spyware to spy on journalists, activists and other key media personalities. In India, according to the reports, over 40 journalists were under surveillance using Pegasus.
It is worth noting that NSO Group has confirmed the existence of Pegasus. However, the Israeli company has also said that it sells the tools only to governments and that it is not responsible for its misuse.
So what exactly is it, how does it work and what does it do?
What is Pegasus?
Pegasus is spyware developed by the Israeli cybersecurity firm NSO Group. It was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the globe, including in India.
Earlier it was believed that Pegasus was targeting iPhone users. Several days after its discovery, Apple released an updated version of iOS, which reportedly patched the security loophole that Pegasus was using to hack phones.
However, a year later, security researchers found that Pegasus was equally capable of infecting Android phones. More security patches and more information trickled out. Then in 2019, Facebook filed a case against NSO Group for creating Pegasus. The security researchers at Facebook were chasing Pegasus across their systems, and they found that the software was used to infect several journalists and activists in India. This was also the time when WhatsApp told the affected Indian users about it through a message.
How does Pegasus hack a phone?
Pegasus gains access to a phone through a malicious web link sent in a message or email. Once a user clicks on the link, Pegasus is installed on the phone. The spyware also has some new abilities. Researchers found that it could even be installed on the phone with just a missed WhatsApp call.
Moreover, once Pegasus had access to the device, it could delete any call logs, thus making it virtually impossible for the victim to know that their phone had been targeted by the spyware.
What could Pegasus do?
Once Pegasus is on a phone, it can potentially spy on the targeted user completely and thoroughly. Even encrypted chats like the ones made through WhatsApp were accessible to Pegasus. Security researchers have found that Pegasus can read messages, track calls, track user activity within apps, gather location data, access the phone's video cameras, or listen through its microphones.
Here is what Kaspersky researchers wrote in 2017:
Let’s be clear: We’re talking total surveillance. Pegasus is modular malware. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. Basically, it can spy on every aspect of the target’s life. It’s also noteworthy that Pegasus could even listen to encrypted audio streams and read encrypted messages — thanks to its keylogging and audio recording capabilities, it was stealing messages before they were encrypted (and, for incoming messages, after decryption).
How to get rid of Pegasus?
Several cybersecurity analysts and experts have pointed out that the only way to get rid of Pegasus completely is to discard the phone that has been affected. According to Citizen Lab, even factory resetting your smartphone will not be useful as it cannot get rid of the spyware completely.
The attackers can continue to access your online accounts even after your device is no longer infected. Thus, the only way to get rid of Pegasus completely is to discard the phone and to ensure that all the apps which you reinstall on your new phone are up to date.
In order to ensure your online accounts are safe, you should also change the passwords of all the cloud-based applications and services that you were using on the infected device.