How Israeli Spyware Pegasus Snooped On WhatsApp Users In 5 Simple Points
Israeli Spyware Pegasus, developed by cyber-security company NSO, was used to snoop on around 1,400 WhatsApp users in 20 countries including Indian journalists and activists.
WhatsApp snooping row: Israeli Spyware Pegasus can infiltrate iOS and Android devices.
Around 1,400 WhatsApp users in 20 countries including Indian journalists and activists were targeted by sophisticated spyware called Pegasus, the Facebook-owned messaging service confirmed today. It alleged that Israeli company NSO used Pegasus spyware to snoop on people around the world. Earlier this week, WhatsApp contacted human rights lawyer Nihal Singh Rathod, activists Bela Bhatia, Degree Prasad Chauhan, Anand Teltumbd, journalist Sidhant Sibal among others to inform them that they had been targeted by Israeli spyware in May for two weeks. WhatsApp has over 1.5 billion users globally, of which India accounts for about 400 million. The latest security hole has instilled fears about the security of the popular messaging service.
Know About Israeli Spyware Pegasus That Was Used To Target WhatsApp Users
1. Pegasus, the most sophisticated spyware available on the market, and can infiltrate iOS and Android devices. It is developed by Israeli cyber-security company NSO.
2. WhatsApp said that in this hacking case, the spyware exploited its video calling system and a vulnerability called "zero-click zero-day" to send malware to the mobile devices.
3. The NSO first created fake WhatsApp accounts and the spyware "Pegasus" got into the user's phone through a video call. When the phone rang, the attacker transmitted a malicious code and the spyware got auto-installed in the phone even if the user did not answer the call.
4. By taking over the phone's systems, the attacker got access to the user's WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone's microphone, and camera.
5. Pegasus has been around for at least three years now. The sophisticated spyware was meant to be used by the governments on a per-license basis but was being used for targeting people. Earlier in May, NSO had limited sales of Pegasus to state intelligence agencies and others.
After Spyware Scandal, WhatsApp Explains How To Prevent Pegasus Attack
Hit by a spyware scandal affecting several mobile phone users across the world, WhatsApp has told likely victims that they should install the latest version of the messaging software and actively update the mobile operating system of their devices to ensure protection against future attacks.
The Facebook-owned messaging service listed the two precautionary measures in a message to users it believed were affected by the sophisticated Pegasus spyware. "How to stay secure: Always use the latest version of WhatsApp and keep your mobile operating system updated to receive the latest security protections," it read.
The message also explained that while WhatsApp had earlier stopped an "advanced cyber actor" from exploiting its video-calling service to install spyware in certain mobile phones, there was a possibility that the device in question could have been affected.
This message was sent to likely victims of the spyware scandal before Facebook sued cybersecurity company NSO for over $75,000 in damages on Tuesday. It has alleged that the Israeli firm illegally used WhatsApp servers to sneak Pegasus into phones belonging to 1,400 users across 20 countries.
In India, the targeted users reportedly comprised journalists, activists, lawyers and senior government officials. Bela Bhatia, an activist working in Chhattisgarh, hinted at a deeper conspiracy behind the scandal. "The person who called me explained how I had been targeted, telling me that 'we can clearly and categorically say your own government has done this'," she told NDTV.
The centre has denied playing any role, instead seeking WhatsApp's response on the issue.
Pegasus allegedly takes over the phone's operating system during a video call, giving attackers access to users' messages, calls and passwords. It can even turn the mobile phone into a microphone capable of listening to conversations in a room. The spyware is believed to have been used to snoop on Indian activists and journalists for nearly two weeks in April.
While WhatsApp has refused to provide the exact number of those targeted, it claims to have informed each affected user about the issue. "We quickly added new protections to our systems and issued an update to help keep people safe. We are now taking additional action on the basis of what we have learnt to date," it said in a statement.
NSO has rejected Facebook's allegations. "Our technology is not designed or licensed for use against human rights activists and journalists. It is licensed only to vetted and legitimate government agencies," it claimed.