The Company That Hacked WhatsApp

DeCode Staff · Published in DeCodeIN · Nov 1, 2019 · 5 min read

The Israeli spyware maker NSO Group came back into the limelight when its flagship spyware, Pegasus, was used to snoop on journalists, activists, lawyers and several senior government officials across 20 countries, including India. The company illegally used WhatsApp servers to sneak Pegasus onto the phones of around 1,400 people across the world. Through this, Pegasus could compromise all of the data on the phone, including data from Skype, photos, videos, SMS, location and browser history, and could also activate the phone’s microphone and camera.

Confirmation of the use of Pegasus came after WhatsApp sued the Israeli firm NSO Group for $72,000. The Facebook-owned company circulated two precautionary measures to combat the threat and stay secure: always use the latest version of the app, and keep the mobile OS updated to receive the latest security updates. It sent this message to the likely victims of the spyware.

Pegasus is said to have used the WhatsApp VoIP stack, which is used for placing video and audio calls. The spyware merely needed to place a missed call on the target’s device to gain full access.

The sophisticated spyware has used other ways in the past to get into the target’s device, such as sending links and urging the target to click on them, or using fake packages to inject the spyware. Pegasus has been around for almost three years now, threatening the security of thousands across the globe.

The Working

Pegasus is no ordinary spyware and has been in use for almost three years now. It is a versatile piece of software that is injected into the target’s phone by sending links and urging the user to click on them. Once the installation is done, it begins to contact control servers, which then send commands to gather personal data from the device. The operator can access passwords, contacts, location and text messages, and can also monitor voice calls.

The attack sequence of Pegasus is a classic phishing scheme: send a text message, open the web browser, load the page, exploit vulnerabilities, install software to gather information. However, this happens invisibly and silently, so the target does not realise that their phone is being surveilled.

Apart from Android and iOS, Pegasus is known to penetrate Symbian and BlackBerry devices too. After installation, the spyware does its job in the background, without the user noticing. This is one of the reasons why Pegasus is among the most dangerous forms of spyware and popular among security contractors.

The Beginning

The first reports on Pegasus emerged when a UAE-based human rights activist, Ahmed Mansoor, was targeted with an SMS link on his iPhone. He had received several messages that contained malicious links. He later sent those messages to security experts from Citizen Lab, who forwarded them to another cybersecurity firm, Lookout. Mansoor was lucky not to have clicked on the link; otherwise his phone would have been infected with the spyware.

Evidence gathered by Citizen Lab in 2017 also suggested that state-sponsored actors used the exploited infrastructure to target Mexican journalists and human rights activists. They found that over 10 journalists and social workers who were engaged in exposing government corruption had received messages that carried Pegasus. The targeted journalists were responsible for bringing to light a high-profile scandal that involved the then Mexican President, Enrique Peña Nieto.

In December 2018, a Montreal-based activist, Omar Abdulaziz, lodged a case against NSO, alleging that his phone had been put under surveillance by Pegasus. He claimed that the company helped the Royal Court gain access to communications that he had with his close friend Jamal Khashoggi, a Saudi dissident journalist, who was killed by Saudi agents. Khashoggi was slaughtered and dismembered in the Saudi consulate in Istanbul. Many American intelligence agencies and officials have claimed that Prince Mohammed bin Salman, ruler of Saudi Arabia, was responsible for his assassination.

Recently, in May 2019, Pegasus was used to exploit WhatsApp and spy on potential targets’ movements. WhatsApp issued an urgent software update to fix the security flaw that was allowing the spyware to exploit the app.

Why Was Pegasus Developed?

NSO claims that its flagship spyware, Pegasus, helps governments fight violent crime and terrorism. It has licensed the product to dozens of countries, including Mexico, Bahrain, Saudi Arabia and the UAE. The company says that it conducts a rigorous review before selling its product, even though reports by Citizen Lab have shown that the spyware is often used to target activists and journalists. However, NSO claims that it strictly vets its clients and does not allow its tools to be used against activists. It said that the technology is “solely operated by intelligence and law enforcement agencies”. It remains unclear what factors are taken into consideration before the company sells an inherently invasive product like Pegasus.

How to Secure Your Device?

There are several measures that you can take to secure your device from Pegasus, starting with developing good technology practices.

1. Always make sure that your system is updated to the latest version of your OS. Both Apple and Google regularly release updates, which include security patches to combat vulnerabilities and malware. Both companies have also released fixes for Pegasus to avoid further attacks.

2. The spyware is installed by sending a link in a text message, email, or other similar means, which urges the user to click on it. When you receive such a link, make sure you trust the source, and verify with the sender that the link really came from the person you believe sent it.

3. It is also critical to maintain secure communications, including calls and messages, which do not threaten to inject Pegasus or any other malware. Securing your calls and messages will ensure security even when spyware infiltrates your device.

Mobile security has become of paramount importance these days. Any data, social or personal, that is once leaked can be used by anyone on the internet. It is important to secure your iPhone and Android devices from such targeted attacks. In order to do that, people need to understand the effects of the spyware first.