Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
News18 » Tech
2-min read

Pegasus Spyware Explained: How it Can Easily Take Over Your Phone With Just a Missed Call

Traditionally, Pegasus works by sending a link, and if the target user clicks on it, it is installed on the user’s device.


Updated:November 1, 2019, 12:16 PM IST
facebookTwitter Pocket whatsapp
Pegasus Spyware Explained: How it Can Easily Take Over Your Phone With Just a Missed Call
Illustration by Mir Suhail/News18

WhatsApp recently confirmed that a spyware was being used by Israel based company NSO Group to spy on government officials, journalists, activists, lawyers, and various countries globally, including India. The confirmation about the use of Pegasus spyware came earlier this week after WhatsApp sued NSO Group, which had long been suspected in the WhatsApp cyberattack that happened earlier this year. Reportedly WhatsApp has warned several Indian users who are expected to be targets of the illegal snooping spyware.

As of now, there is no confirmation on how many people were targeted in India. A WhatsApp spokesperson has however confirmed that a certain number of Indian users were among those who could have been a part of the cyber-attack that happened in May. WhatsApp wrote in a blog post, “We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened.”

But how exactly does this spyware work, especially after WhatsApp claims to offer high-end encryption methods?

Pegasus is said to be around for about three years and it is not your ordinary spyware. Traditionally, Pegasus works by sending a link, and if the target user clicks on it, it is installed on the user’s device. Once installed, it begins to contact control servers which allow it to relay commands so one can gather data from the infected device. It has the potential to steal your passwords, contacts, text messages, calendar info, as well as voice calls made through messaging apps, in this case, WhatsApp. The threat doesn’t stop there as it can even let the hacker have access to your phone's camera, microphone and GPS to track live locations. Pegasus has been around for at least three years and it was also believed to have been used to target Indians earlier as well.

The spyware targeted a vulnerability in WhatsApp VoIP stack which is used to make video and audio calls. By just giving a missed call on someone’s WhatsApp number allowed Pegasus to gain access to the device. This essentially means that despite offering high-end data encryption for chats, WhatsApp overlooked the security of its calling feature.

WhatsApp took the help of The Citizen Lab at the University of Toronto, where researchers confirmed that Pegasus is a flagship spyware from NSO Group and is also known by different names like Q Suite and Trident. Pegasus can not only be used to attack Android devices but iOS as well. Pegasus has been used in the past to take over a target's device by simply asking users to click on a link packaged under a fake offering.

Notably, while companies that make spyware are usually under surveillance, the way they pitch their ‘tool’ to governments is completely different. In fact, Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation (EFF) has even shared the Product User Guide for Pegasus, giving a deep look as to how the spyware works and how organizations that make use of it can overcome certain challenges to achieve mobile intelligence collection.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results