WhatsApp recently confirmed that spyware from the Israel-based company NSO Group was being used to spy on government officials, journalists, activists, and lawyers in various countries globally, including India. The confirmation about the use of Pegasus spyware came earlier this week after WhatsApp sued NSO Group, which had long been suspected of being behind the WhatsApp cyberattack that happened earlier this year. Reportedly, WhatsApp has warned several Indian users who are suspected to be targets of the illegal snooping spyware.
As of now, there is no confirmation of how many people were targeted in India. A WhatsApp spokesperson has, however, confirmed that a certain number of Indian users were among those who could have been a part of the cyber-attack that happened in May. WhatsApp wrote in a blog post, “We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened.”
But how exactly does this spyware work, especially when WhatsApp claims to offer high-end encryption methods?
Pegasus is said to have been around for about three years, and it is not your ordinary spyware. Traditionally, Pegasus works by sending a link, and if the target user clicks on it, the spyware is installed on the user’s device. Once installed, it begins contacting control servers, which relay commands to gather data from the infected device. It has the potential to steal your passwords, contacts, text messages, calendar info, as well as voice calls made through messaging apps, in this case, WhatsApp. The threat doesn’t stop there, as it can even give the hacker access to your phone's camera, microphone and GPS to track live locations. Pegasus has been around for at least three years, and it was also believed to have been used to target Indians earlier.
The spyware targeted a vulnerability in WhatsApp's VoIP stack, which is used to make video and audio calls. Just giving a missed call to someone’s WhatsApp number allowed Pegasus to gain access to the device. This essentially means that despite offering high-end data encryption for chats, WhatsApp overlooked the security of its calling feature.
WhatsApp took the help of The Citizen Lab at the University of Toronto, where researchers confirmed that Pegasus is a flagship spyware from NSO Group and is also known by different names like Q Suite and Trident. Pegasus can be used to attack not only Android devices but iOS devices as well. Pegasus has been used in the past to take over a target's device by simply asking users to click on a link packaged under a fake offering.
Notably, while companies that make spyware are usually under surveillance, the way they pitch their ‘tool’ to governments is completely different. In fact, Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation (EFF), has even shared the Product User Guide for Pegasus, giving a deep look at how the spyware works and how organizations that make use of it can overcome certain challenges to achieve mobile intelligence collection.