Decoded: The stealth with which Pegasus spyware infects phones, listens in

A multinational investigation coordinated by 16 well-known news organisations, Amnesty International and several cybersecurity organisations has sparked off a scandal about widespread, illegal surveillance being carried out by nation states on their citizens. The investigation centred on a list of “targets” of the Pegasus spyware. At least 40 Indian journalists, along with members of Parliament, judges and others were supposedly targeted by Pegasus. Phones of seven of these persons, who agreed to allow forensic examination of their devices, were found to be infected.

What is Pegasus?

Pegasus is the name of a spyware developed by Israeli firm NSO. It can be introduced surreptitiously into mobile devices and can suck up all data and meta-data on the infected device as well as monitor conversations, chats and browsing. It attained notoriety when it was alleged the Saudi authorities were monitoring murdered journalist Jamal Khashoggi’s phone by means of Pegasus.

Who can buy Pegasus?

NSO claims it will only sell the software to verified government agencies, with a contractual clause that the spyware can only be used in cases of suspected crime or terrorist activity. In practice, the clause is unenforceable – any buyer can then use it as they please. However, it is possible for NSO to verify potential buyers and check whether they are official agencies, though it refuses to release its client list. NSO claims it has 60 clients in 40 countries. NSO also says the spyware is mainly used by law enforcement and intelligence agencies as well as the military.

How much does Pegasus cost?

It is a technology that targets specific devices. A licence cost a minimum of about $650,000 in 2016, when the company released a catalogue (it doesn't publish a catalogue anymore). Each licence allows for multiple installations (or infections, if you prefer). In addition, the purchaser must spend a considerable amount to set up the infrastructure to capture, monitor and process the data.

NSO helps to set up the infrastructure and train the people who will infect the targets’ phones, and then monitor and process the data. This installation and service charge has an asking price that could start at around $350,000. But NSO says it does not do the monitoring itself, and thus “has no visibility” on what is actually being picked up.

What’s special about Pegasus?

It is a very sophisticated spyware, which can remotely infect a very wide range of devices, and apparently does so without any action on the target’s part. Most mobile spyware is installed by getting hold of the physical device or via phishing. In the latter, a text message, WhatsApp message or email with a malicious link is sent, and the target gets infected when he or she clicks on that link. Pegasus can be transmitted this way.

More importantly, NSO discovered a vulnerability that allowed it to infect mobiles by sending malicious WhatsApp messages, which did the job without any action being necessary on the target’s part. NSO has, in fact, been sued by WhatsApp for exploiting this vulnerability. Pegasus can also be injected into the target’s phone from a nearby base transceiver station (BTS). A BTS is standard equipment used by telecom service companies to route and re-route signals.

What can Pegasus do?

Once installed, the spyware takes a wide range of permissions, allowing it to monitor location and emails, grab contact lists, take screenshots, grab media, instant messages and SMS, access browser history, take control of the phone’s microphone and cameras, etcetera.

Pegasus can also be deleted remotely. It’s very hard to detect and, once it’s deleted, leaves few traces. It can also be used to plant messages, mails, etcetera, which is why there are theories it may have been used to plant fake evidence to implicate activists in the Bhima Koregaon case.

How can you figure out if Pegasus is infecting your mobile?

Given the costs, you would need to be a high-value target for a government agency to spend this sort of money. According to the technical experts who worked on this case, it is close to impossible to figure out if a phone has been infected with Pegasus. It doesn’t cause slowdown or hanging.

It is slightly easier to detect Pegasus on an iPhone because iPhones keep more detailed logs of activity, and cybersecurity experts can see if data has been exchanged with suspicious websites. Other than this, watch out for the usual signs of higher than normal data usage, and unusually high battery consumption (this is also lower with Pegasus than with other spyware).


