Explained: How a ‘fake image’ in a Saudi activist’s phone blew the lid off NSO’s Pegasus spyware

A glitch in NSO Group's spyware Pegasus left a "mysterious fake image file" on the phone of a Saudi Arabian activist. This likely helped researchers discover how the malware infected phones.

The logo of Israeli cyber firm NSO Group is seen at one of its branches in the Arava Desert, southern Israel. (Photo: Reuters)

A glitch in the NSO Group’s spyware Pegasus left behind a “mysterious fake image file” on the phone of Saudi Arabian women’s rights activist Loujain al-Hathloul, and is the likely trigger which helped cybersecurity researchers across the world discover how the malware infected phones, according to a report by Reuters.

What was the glitch in Pegasus and how was it discovered?

Loujain al-Hathloul, an activist who had campaigned to end the ban on women drivers in Saudi Arabia, was arrested by the country’s police in May 2018 and jailed. In February 2021, after she was released, she received an email from Google, which alerted her that state-backed hackers had tried to illegally access her mail account.

Suspecting that her phone could have been hacked as well, al-Hathloul reached out to Citizen Lab, a Canada-based privacy rights group, to probe her device and check for any vulnerabilities.

Upon inspection of her phone, Citizen Lab found that Pegasus had left behind a copy of a malicious image file which, according to the spyware's own instructions, should have been deleted. This glitch in the malware led the Lab to conclude that the spyware had been used to track al-Hathloul.
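A file that claims to be an image but is not one is the kind of leftover a forensic triage would look for. The following is an added illustration, not Citizen Lab's method or any code from the report: it flags files whose image extension does not match the well-known magic bytes of that format, using constructed sample files rather than real Pegasus artifacts.

```python
"""Flag files whose image extension does not match their content signature.

Added example only: the page does not describe Citizen Lab's actual
forensic procedure. A magic-byte check is a standard triage step that
would catch a file masquerading as an image.
"""
from pathlib import Path
from typing import Dict, List

# Leading bytes of common image formats (well-known magic numbers).
IMAGE_MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
}


def looks_like_declared_image(name: str, head: bytes) -> bool:
    """Return True if the file's first bytes match its extension's signature.

    Files whose extension is not in IMAGE_MAGIC are not judged (True).
    """
    sigs = IMAGE_MAGIC.get(Path(name).suffix.lower())
    if sigs is None:
        return True
    return any(head.startswith(s) for s in sigs)


def find_fake_images(files: Dict[str, bytes]) -> List[str]:
    """Return names of files that carry an image extension but not image content."""
    return [n for n, data in files.items()
            if not looks_like_declared_image(n, data[:16])]


def scan_directory(root: str) -> List[str]:
    """Apply the same check to real files under root, reading only the first 16 bytes."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            with open(p, "rb") as fh:
                files[str(p)] = fh.read(16)
    return find_fake_images(files)


# Constructed sample "files" (name -> leading bytes); not real Pegasus artifacts.
SAMPLE_FILES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "cache.gif": b"\x00\x00\x00\x1cftypM4A ",  # MP4-style header disguised as a GIF
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name in find_fake_images(SAMPLE_FILES):
        print("extension/content mismatch:", name)
```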

Saudi women’s rights activist Loujain al-Hathloul is seen in this undated handout picture. (Reuters)

Following the discovery of the glitch, Citizen Lab alerted Apple about the vulnerabilities in its devices and how those were being used by Pegasus to spy on journalists, activists, human rights defenders, politicians and various other people by governments across the world.

Apart from fixing the glitch, Apple also reached out to all the people who were likely targets, and informed them about the possible hacking of their phones.

What was the modus operandi Pegasus used to infect al-Hathloul's phone?

As per the Reuters report, Citizen Lab found that al-Hathloul’s phone was infected with a version of the malware that could penetrate the device without requiring any action from the user. This newer version, called ‘zero-click’ malware, launches itself on the device without the target of the spying ever having to click or tap a suspicious link.


The ‘zero-click’ feature in Pegasus was introduced as an update to an earlier version of the malware, which required the target to click a link, sent either through an email, an SMS, or a message on WhatsApp or Apple’s iMessage.

Such zero-click malware also deletes all evidence of its presence once it has infected the device, leaving behind no proof. This, according to cybersecurity researchers, makes it difficult to establish whether a phone was being tracked.

Where else has Pegasus been used?

Over the last three years, several reports have claimed that the spyware was used to spy on and infect at least 50,000 devices globally, including some in India. Earlier this year in January, The New York Times reported that India had bought Pegasus from Israel as a part of its $2-billion package for weapons including a missile system.

The NYT report claimed that the deal was finalised during Prime Minister Narendra Modi’s landmark visit to Israel in July 2017. The report also mentioned that the Federal Bureau of Investigation had bought and tested the spyware “for years with plans to use it for domestic surveillance until the agency finally decided last year not to deploy the tools”.


An investigation in Israel is reported to have found that police in that country targeted certain citizens with the spyware.
