An international media consortium has published reports claiming NSO Group clients used Pegasus spyware to hack the phones of politicians, including ruling party members, journalists, human rights activists and others. Although the government has categorically rejected such reports and denied any involvement, the issue of snooping using the Pegasus spyware has snowballed into a massive political row in the country. The software was developed by the Israeli company NSO Group and sold to government clients. Among the reported targets of the spyware are journalists, politicians, government officials, and human rights activists.
The reports claimed that former Congress chief Rahul Gandhi, BJP ministers Ashwini Vaishnaw and Prahlad Singh Patel, as well as former election commissioner Ashok Lavasa and poll strategist Prashant Kishor, were among those whose phone numbers were listed as potential targets for hacking through the Israeli spyware.
Pegasus: How it works
There's nothing particularly complicated about how the Pegasus spyware infects the phones of 'targets'. The initial hack involves a crafted SMS or iMessage that provides a link to a website. If clicked, this link delivers malicious software that compromises the device. The aim is to seize full control of the mobile device's operating system, either by rooting (on Android devices) or jailbreaking (on Apple iOS devices).
Usually, rooting on an Android device is done by the user to install applications and games from non-supported app stores, or re-enable a functionality that was disabled by the manufacturer. Similarly, a jailbreak can be deployed on Apple devices to allow the installation of apps not available on the Apple App Store, or to unlock the phone for use on alternative cellular networks. Many jailbreak approaches require the phone to be connected to a computer each time it's turned on. Rooting and jailbreaking both remove the security controls embedded in Android or iOS operating systems. They are typically a combination of configuration changes and a hack of core elements of the operating system to run modified code.
In the case of spyware, once a device is unlocked, the perpetrator can deploy further software to secure remote access to the device's data and functions. The user is likely to remain completely unaware.
Can infect both Android & Apple devices
The spyware can infect both Android and Apple devices, but it isn't as effective on Android, where it relies on a rooting technique that isn't 100 per cent reliable. When the initial infection attempt fails, the spyware supposedly prompts the user to grant relevant permissions so it can be deployed effectively.
What information can be collected?
The spyware can determine a user's location, along with whether the person is stationary or moving. It can also allow real-time monitoring of calls, emails, social media posts and messages, even on encrypted chat apps such as WhatsApp. The spyware can collect user names, passwords, notes and documents. It can also activate microphones and cameras and start recordings, or perform any other action, without the user's intervention.
How can you prevent a Pegasus attack?
There are mechanisms in place to show whether your device has been compromised. Although most people are unlikely to be targeted by this type of attack, there are still simple steps to minimise the potential exposure to Pegasus and other malicious attacks. "At an individual level, one way to secure oneself from Pegasus is to keep the OS and mobile apps updated. The vulnerabilities need to be fixed by OS and mobile apps developers to prevent invasion of sophisticated and zero-click spyware like Pegasus. Users should refrain from clicking links sent in msg and emails by an unknown sender. Similarly, the internet calls from unknown senders shall be avoided. If one is a victim then the way to get free from it is to delete all apps and discard using that device," Karmesh Gupta, CEO of the world's first unified network security gateway WiJungle, said.
- Only open links from known and trusted contacts and sources when using your device. Pegasus is deployed to Apple devices through an iMessage link, the same technique used by many cybercriminals for both malware distribution and less technical scams. The same advice applies to links sent via email or other messaging applications.
- Make sure your device is updated with any relevant patches and upgrades. While having a standardised version of an operating system creates a stable base for attackers to target, it's still your best defence.
- If you use Android, don't rely on notifications for new versions of the operating system. Check for the latest version yourself, as your device's manufacturer may not be providing updates.
- Although it may sound obvious, you should limit physical access to your phone. Do this by enabling PIN, fingerprint or face locking on the device, and configure your device securely.
- Avoid public and free WiFi services (including hotels), especially when accessing sensitive information. The use of a VPN is a good solution when you need to use such networks.
- Encrypt your device data and enable remote-wipe features where available. If your device is lost or stolen, you will have some reassurance your data can remain safe.