Pegasus, a spyware developed by an Israeli company NSO Group, is back in the spotlight over allegations of surveillance of prominent personalities including journalists and politicians by the government.
Calling the snooping allegations false and malicious, the Ministry of Electronics and Information Technology has said that there has been no unauthorised interception by government agencies.
“The allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever,” the ministry said in a statement. It said that the government is committed to ensuring the right to privacy of all its citizens.
It is a spyware that is used for hacking phones. Pegasus had made headlines in 2016 when it emerged that it unsuccessfully attempted to hack the mobile phone of UAE human rights activist Ahmed Mansoor.
Mansoor had received text messages on his iPhone promising ‘new secrets’ about tortured prisoners in the country if he opened a link in the SMS. Instead of following the instructions, he sent the messages to researchers at Citizen Lab, who traced the origin of the links back to infrastructure belonging to the NSO Group.
Pegasus spyware is believed to be the most sophisticated among all such products available in the market. It can easily infiltrate iOS, Apple’s mobile phone operating system, and Android devices. Pegasus was meant to be used by governments on a per-license basis. In May 2019, its developer, Israeli firm NSO Group, had limited the sale of Pegasus to state intelligence agencies and others.
NSO Group’s website states that the company creates technology that “helps government agencies” prevent and investigate terrorism and crime to save thousands of lives around the globe.
The company’s human rights policy includes “contractual obligations requiring NSO’s customers to limit the use of the company’s products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights”.
Despite all this, NSO has been accused of using Pegasus to snoop on people.
Allegations of snooping, phone tapping
In late 2019, WhatsApp claimed that nearly 1,400 of its users in 20 countries, including some Indian journalists and activists, had been targeted by Pegasus in May that year. The Facebook-owned messaging service alleged said the spyware exploited its video calling system and a specific vulnerability to send malware to the mobile devices. The vulnerability has since been patched.
NSO allegedly first created fake WhatsApp accounts, which were then used to make video calls. When an unsuspecting user’s phone rang, the attacker transmitted the malicious code and the spyware got auto-installed in the phone even if the user did not answer the call.
Through Pegasus, the attacker then took over the phone’s systems, gaining access to the user’s WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone’s microphone, and even the camera.
The NSO Group has categorically denied all allegations of wrongdoing and said that it sold Pegasus only to “vetted and legitimate government agencies”.