Spyware, surveillance, snooping and similar terms occupied a major chunk of debates and conversations recently after Facebook-owned WhatsApp alleged that the Israeli spyware maker NSO Group used its flagship spyware Pegasus to target at least 1,400 users across the world in May this year.
WhatsApp, which has filed a 111-page complaint in a California court and sued the Israeli company, claims it detected the attack in May and found that the NSO exploited a “buffer overflow vulnerability in WhatsApp VOIP stack” to send its Pegasus malware to the target devices, even without the users answering the calls they received.
The surveillance was carried out “in and around April 2019 and May 2019”, WhatsApp said in its complaint.
WhatsApp alleged that the software was used to snoop on journalists, activists, lawyers and senior government officials in 20 countries around the world, including India. It has contacted, it says, several Indian users who are believed to be the targets of illegal snooping using the Pegasus spyware.
What is Pegasus and how it works?
Pegasus is a multitasking spyware that can seize every item from any mobile device without leaving a trace. Pegasus reportedly has the ability to infiltrate both Android and iOS devices and it uses a number of ways to hack into a target’s mobile devices, including using zero-day exploits.
As soon as Pegasus is installed on a target’s device, it starts contacting control servers, which can then relay commands to gather data from the infected device. Pegasus can steal passwords, contacts, text messages, calendar details, and even the voice calls made using messaging apps. It is also capable of snooping using the phone’s camera, microphone and the GPS to track the user’s live location.
Pegasus has been around for at least three years and it was also believed to have been used to target Indians earlier as well.
Who were targeted using Pegasus in India?
The popular messaging app has over 1.5 billion users around the world, of which India accounts for about 400 million.
Last week, WhatsApp had contacted human rights lawyer Nihal Singh Rathod, activists Bela Bhatia, Degree Prasad Chauhan, Anand Teltumbde, journalist Sidhant Sibal among others to inform them that they had been targeted by Israeli spyware in May for two weeks.
“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by (May 2019) attack to directly inform them about what happened,” WhatsApp wrote in a blog post.
But it hasn’t said anything about who was behind the cyber-attack and snooping. Meanwhile, the NSO Group has denied any role and claimed it only sells the spyware to “vetted and legitimate government agencies.”
— India Legal Bureau