What is Pegasus?

Spyware is any malicious software designed to enter your computer device, gather your data, and forward it to a third party without your consent.

Pegasus, developed by NSO Group, is perhaps the most powerful spyware ever created. It is designed to infiltrate smartphones — Android and iOS — and turn them into surveillance devices.

The Israeli company, however, markets it as a tool to track criminals and terrorists — for targeted spying and not mass surveillance. NSO Group sells the software to governments only.

A single license, which can be used to infect several smartphones, can cost up to Rs 70 lakh. According to a 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.

Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. This means a phone could be infected even if it has the latest security patch installed.

A previous version of the spyware — from 2016 — infected smartphones using a technique called “spear-fishing”: text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link—a requirement that was done away with in subsequent versions.

By 2019, Pegasus could infiltrate a device with a missed call on WhatsApp and could even delete the record of this missed call, making it impossible for the user to know they had been targeted. In May that year, WhatsApp said Pegasus had exploited a bug in its code to infect more than 1,400 Android phones and iPhones this way, including those of government officials, journalists, and human rights activists. It soon fixed the bug.

Pegasus also exploits bugs in iMessage, giving it backdoor access to millions of iPhones. The spyware can also be installed over a wireless transceiver (radio transmitter and receiver) located near a target.

Once installed on a phone, Pegasus can intercept and steal more or less any information on it, including SMSes, contacts, call history, calendars, emails, and browsing histories. It can use your phone’s microphone to record calls and other conversations, secretly film you with its camera, or track you with GPS.

Researchers at Canadian cybersecurity organization The Citizen Lab first encountered Pegasus on a smartphone of human rights activist Ahmed Mansoor.

The Citizen Lab published a report that identified 45 countries in which Pegasus was being used. As with the latest revelations, the list included India.

WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators using Pegasus.

The Pegasus Project, an international investigative journalism effort, revealed that various governments used the software to spy on government officials, opposition politicians, journalists, activists, and many others. It said the Indian government used it to spy on around 300 people between 2017 & 2019.