Israeli spyware maker NSO Group is back in limelight after WhatsApp sued the company for its Pegasus spyware that was allegedly used to snoop on journalists, activists, lawyers and senior government officials in 20 countries around the world, including India, in May this year. WhatsApp revealed that it has contacted several Indian users who are believed to be the targets of illegal snooping using the Pegasus spyware.
Although the seeming confirmation about the use of Pegasus came on Tuesday after WhatsApp sued NSO Group, the use of Pegasus has long been suspected in the WhatsApp cyberattack that was first reported earlier this year.
What is Pegasus and how does it infect devices?
According to The Citizen Lab at the University of Toronto, which helped WhatsApp with the investigation into the cyber-attack, Pegasus is the flagship spyware of Israel-based NSO Group. It is believed to be known by other names as well, like Q Suite and Trident. Pegasus reportedly has the ability to infiltrate both Android and iOS devices and it uses a number of ways to hack into a target’s mobile devices, including using zero-day exploits.
In the case of WhatsApp, Pegasus has said to have used a vulnerability in WhatsApp VoIP stack that is used to place video and audio calls. Just a missed call on WhatsApp allowed Pegasus to gain access to the target’s device.
The Citizen Lab notes that Pegasus has used other ways in the past to infiltrate a target’s device, like getting the target to click on a link using social engineering or using fake package notifications to deploy the spyware.
Pegasus has been around for at least three years and it was also believed to have been used to target Indians earlier as well.
What can Pegasus do?
Pegasus is a versatile piece of spyware and as soon as it is installed on a target’s device, it starts contacting control servers, which can then relay commands to gather data from the infected device. Pegasus can steal information like passwords, contacts, text messages, calendar details, and even the voice calls made using messaging apps. Further, it can also snoop using the phone’s camera and microphone as well as use the GPS to track live location.
Who was hacked using Pegasus in India?
The specifics of exactly how many people were hacked in India using Pegasus through WhatsApp is unclear. However, a WhatsApp spokesperson confirmed to Gadgets 360 that Indian users were among those contacted by the company this week over the May cyber-attack.
“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened,” WhatsApp wrote in a blog post.
Facebook-owned WhatsApp has also not said anything about who was behind the cyber-attack and illegal snooping. NSO Group has also denied any wrongdoing and the company claims it only sells the spyware to “vetted and legitimate government agencies.”
Meanwhile, the government has sought response of WhatsApp over the hacking of Indian citizens.