What is Pegasus and how does it infect devices?
According to The Citizen Lab at the University of Toronto, which helped WhatsApp with the investigation into the cyber-attack, Pegasus is the flagship spyware of Israel-based NSO Group. It is believed to be known by other names as well, like Q Suite and Trident. Pegasus reportedly has the ability to infiltrate both Android and iOS devices, and it uses a number of ways to hack into a target’s mobile device, including zero-day exploits.
WhatsApp, Security and Spyware: What Happened
In the case of WhatsApp, Pegasus is said to have used a vulnerability in the WhatsApp VoIP stack that is used to place video and audio calls. Just a missed call on WhatsApp allowed Pegasus to gain access to the target’s device.
The Citizen Lab had noted that Pegasus had used other ways in the past to infiltrate a target’s device, like getting the target to click on a link using social engineering or using fake package notifications to deploy the spyware. Pegasus has been around since 2016, and it is believed to have been used to target Indians earlier as well.
What can Pegasus do?
Pegasus is a versatile piece of spyware and as soon as it is installed on a target’s device, it starts contacting control servers, which can then relay commands to gather data from the infected device. Pegasus can steal information like passwords, contacts, text messages, calendar details, and even the voice calls made using messaging apps. Further, it can also snoop using the phone’s camera and microphone as well as use the GPS to track live location.
Who was hacked using Pegasus in India?
Exactly how many people were hacked in India using Pegasus through WhatsApp is unclear. However, a WhatsApp spokesperson confirmed earlier that Indian users were among those contacted by the company this week over the May cyber-attack.
“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened,” WhatsApp wrote in a blog post.
Facebook-owned WhatsApp has also not said anything about who was behind the cyber-attack and illegal snooping. NSO Group has also denied any wrongdoing and the company claims it only sells the spyware to “vetted and legitimate government agencies.”
Is it Pegasus alone?
We do not know yet. There are unconfirmed reports about another Israeli spyware, Candiru, also being sold in India along with some other Central Asian countries.