
What is Pegasus, the notorious spyware WhatsApp defeated in court? 7 points

After WhatsApp's victory over the NSO Group in the Thursday ruling, the spotlight is back on Pegasus. Here's a brief explainer on the infamous spyware.

Pegasus is a spyware that can infect mobile devices without any user interaction. (Image Source: Microsoft Designer)

WhatsApp, on Thursday, won a lawsuit against NSO Group Technologies, the company behind the notorious Pegasus spyware. To give you a quick recap, back in 2019, the Israeli company was accused by Meta of infecting and surveilling phones of around 1,400 people for two weeks.

According to a ruling by US court judge Phyllis Hamilton, the company had not only violated state and federal US hacking laws but also infringed WhatsApp’s terms of service. The judge also said that she had asked NSO Group to provide Pegasus’ source code earlier this year, but after they repeatedly failed to comply with the order, she granted WhatsApp’s request to sanction NSO Group.

“After five years of litigation, we’re grateful for today’s decision. NSO can no longer avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil society. With this ruling, spyware companies should be on notice that their illegal actions will not be tolerated”, WhatsApp said in a statement.

Here’s what you need to know about Pegasus spyware in seven points:

What is Pegasus spyware?

According to NSO Group, Pegasus aka Q Suite is “a world-leading cyber intelligence solution that enables law enforcement and intelligence agencies to remotely and covertly extract data from virtually any mobile device.”

Once installed, Pegasus can not only read and go through your WhatsApp chats but also retrieve any information like SMS, call history, calendar, email, browsing history or files stored on the device.

How does Pegasus infect a device?

Up until 2018, Pegasus primarily relied on sending its targets SMS and WhatsApp messages laced with malicious links, clicking on which would infect their device. However, the company soon switched to the “network injection” method, which allowed customers using Pegasus to infect a device without requiring any action by the target.

Pegasus also used “zero-day” vulnerabilities, which are basically bugs or exploits in an operating system that the manufacturer is unaware of. Fast forward to 2019, NSO Group had developed the ability to simply place calls to a WhatsApp number to infect the device. This was particularly worrisome as the user did not even have to answer the call for Pegasus to infect their device.

Who can use Pegasus spyware?

NSO Group says the use of Pegasus is limited to governments around the world. According to NordVPN, the biggest customers of Pegasus include Saudi Arabia, Azerbaijan, India and the United Arab Emirates. In January 2022, it was found out that NSO Group had also sold the spyware to the United States Federal Bureau of Investigation, but the deal fell apart after discussions with the Department of Justice.

Why is Pegasus controversial?

One of the main reasons Pegasus is so controversial is that the software was designed to prevent and fight terror and crime, but has been reportedly used by governments around the world to snoop on journalists, opposition leaders, human rights activists and even people who did not agree with their respective establishments.

Since it does not require any user interaction to infect a device, the spyware can be easily installed on any device without the user even knowing it and leaves little to no digital trace.

Can you detect if Pegasus is on your device?

While there is currently no sure-fire way to detect if a device is infected by Pegasus, some private security firms offer tools to detect Pegasus on a device.

Earlier this year, researchers at the Russian anti-virus firm Kaspersky revealed a new way to detect advanced iOS spyware like Pegasus using the iPhone’s system logs. The technique involves analysing the Shutdown.log file in iOS’ sysdiagnose archive, which retains information from every device reboot to find anomalies linked to Pegasus.
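The Shutdown.log check described above, as an added example that is not from the article or from Kaspersky's tooling: it flags processes running from writable paths that were still alive when the device tried to reboot. The log line layout, the path prefixes and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample in the assumed Shutdown.log layout (not real device data).
SAMPLE_LOG = """\
After 1.01s, these clients are still here:
\t\tremaining client pid: 212 (/usr/libexec/locationd)
\t\tremaining client pid: 340 (/private/var/db/example_helper/agent)
After 2.02s, these clients are still here:
\t\tremaining client pid: 340 (/private/var/db/example_helper/agent)
SIGTERM: [1700000000] All buddies have died. I can die in peace.
After 1.00s, these clients are still here:
\t\tremaining client pid: 198 (/usr/libexec/lockdownd)
SIGTERM: [1700086400] All buddies have died. I can die in peace.
"""

# Assumption: writable locations a system daemon would not normally run from.
SUSPICIOUS_PREFIXES = ("/private/var/db/", "/private/var/tmp/")
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")
REBOOT_RE = re.compile(r"SIGTERM: \[(\d+)\]")


def find_anomalies(log_text):
    """Return one finding per reboot delayed by a process in a suspicious path."""
    findings, pending = [], {}

    def flush(stamp):
        # Emit everything collected for the reboot that just ended.
        for (pid, path), delays in pending.items():
            findings.append({"reboot_stamp": stamp, "pid": pid,
                             "path": path, "delays": delays})
        pending.clear()

    for line in log_text.splitlines():
        line = line.strip()
        client = CLIENT_RE.match(line)
        reboot = REBOOT_RE.match(line)
        if client and client.group(2).startswith(SUSPICIOUS_PREFIXES):
            key = (int(client.group(1)), client.group(2))
            pending[key] = pending.get(key, 0) + 1  # still alive at this check
        elif reboot:
            flush(int(reboot.group(1)))  # raw bracketed value from the log
    flush(None)  # truncated log: entries with no closing SIGTERM line
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for further forensic review, not proof of infection, and a clean result does not rule one out.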

How can you protect yourself from spyware like Pegasus?

iVerify, a security firm that offers subscription-based protection, unveiled a new feature called “Mobile Threat Hunting”, which can help detect the notorious Pegasus spyware.

In its initial investigation, the company found Pegasus infecting seven of the 2,500 devices it scanned. This may seem irrelevant at first sight, but it does raise a massive red flag in the world of mobile security.

The company said it used a combination of techniques like signature-based detection, heuristics and machine learning to search for any signs of infection and that users who download the iVerify Basics app, which costs $1, can scan their device once every month to see if their device is infected by Pegasus.

But with the NSO Group still working on Pegasus, these methods may no longer be reliable in the near future, meaning there is no guaranteed way to check if you are infected by Pegasus.

Anurag Chawake is a Senior Sub-Editor at indianexpress.com. His fascination with technology and computers goes back to the days of Windows 98. Since then, he has been tinkering with various operating systems, mobile phones, and other things. Anurag usually writes on a wide range of topics including Android, gaming, and PC hardware among other things related to consumer tech. His Twitter, Instagram, Facebook and LinkedIn user name is antechx.
