Explained: What is Pegasus, how is it used to hack into phones to spy users?
New Delhi, July 19: In what can be seen as a biggest smartphone attack, Pegasus, developed by Israeli cybersecurity firm NSO Group, is a highly sophisticated spyware that has been referred to as the "most sophisticated smartphone attack ever".
According to reports, it was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the world, including India.
Considered the most sophisticated among all such products available in the market, it can infiltrate iOS, Apple's mobile phone operating system, and Android devices.
It is reportedly said that Pegasus was meant to be used by governments on a per-license basis. In 2019, its developer had limited sales of Pegasus to state intelligence agencies and others.
How does Pegasus help government agencies?
The home page of NSO Group's website says the company creates technology that "helps government agencies" prevent and investigate terrorism and crime to save thousands of lives around the globe.
The human rights policy of the company includes "contractual obligations requiring NSO's customers to limit the use of the company's products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights".
However, NSO has been accused in the past of using Pegasus to meddle on people.
Later the same year, WhatsApp, the Facebook-owned messaging service, confirmed that around 1,400 of its users in 20 countries, including Indian journalists and activists, had been targeted by Pegasus in May that year.
WhatsApp said the spyware exploited its video calling system and a specific vulnerability to send malware to the mobile devices. The vulnerability has since been patched.
NSO allegedly first created fake WhatsApp accounts, which were then used to make video calls. When an unsuspecting user's phone rang, the attacker transmitted the malicious code and the spyware got auto-installed in the phone even if the user did not answer the call.
Through Pegasus, it gained access to the user's WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone's microphone, and even the camera.
However, NSO Group has denied any wrongdoing. It claimed to sell Pegasus only to "vetted and legitimate government agencies".