But what is Pegasus, who is it for, how does it infect devices, and what can it do?
What is it?
A spyware is any malicious software designed to enter your computer device, gather your data, and forward it to a third-party without your consent.
Pegasus, developed by NSO Group, is perhaps the most powerful spyware ever created. It is designed to infiltrate smartphones — Android and iOS — and turn them into surveillance devices.
The Israeli company, however, markets it as a tool to track criminals and terrorists — for targeted spying and not mass surveillance. NSO Group sells the software to governments only. A single licence, which can be used to infect several smartphones, can cost up to Rs 70 lakh. According to a 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.
How does it work?
Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed.
A previous version of the spyware — from 2016 — infected smartphones using a technique called “spear-fishing”: text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link—a requirement that was done away with in subsequent versions.
By 2019, Pegasus could infiltrate a device with a missed call on WhatsApp and could even delete the record of this missed call, making it impossible for the user to know they had been targeted. In May that year, WhatsApp said Pegasus had exploited a bug in its code to infect more than 1,400 Android phones and iPhones this way, including those of government officials, journalists and human rights activists. It soon fixed the bug.
Pegasus also exploits bugs in iMessage, giving it backdoor access to millions of iPhones. The spyware can also be installed over a wireless transceiver (radio transmitter and receiver) located near a target.
What can it do?
Once installed on a phone, Pegasus can intercept and steal more or less any information on it, including SMSes, contacts, call history, calendars, emails and browsing histories. It can use your phone’s microphone to record calls and other conversations, secretly film you with its camera, or track you with GPS.
Brief history of Pegasus
2016: Researchers at Canadian cybersecurity organisation The Citizen Lab first encountered Pegasus on a smartphone of human rights activist Ahmed Mansoor.
September 2018: The Citizen Lab published a report that identified 45 countries in which Pegasus was being used. As with the latest revelations, the list included India.
October 2019: WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators using Pegasus.
July 2021: The Pegasus Project, an international investigative journalism effort, revealed that various governments used the software to spy on government officials, opposition politicians, journalists, activists and many others. It said the Indian government used it to spy on around 300 people between 2017 and 2019.