Ever since The Wire group announced the list of 300+ Indian phone numbers being snooped by the Indian government; the internet is abuzz on what it is about and how the spying software works. So, here’s a laydown of all the information about the white-hot topic making headlines on your feeds.
What is the news all about?
In a recently leaked database of around 50,000 mobile numbers which are being snooped globally, as much as 300 phone numbers belong to Indians which include an elite list of influential people in Indian politics and social space. The list of the names exposed were confirmed by The Wire, which claims to have adequate evidence to prove it, thanks to their investigative journalism.
How are they snooped?
Unlike other cases, this list is a specifically curated one which includes only the list of phone numbers that are being spied by the corresponding governments. This list included the phone numbers spied by the governments using an Israeli software, Pegasus.
The government uses the state of the art, network injection technology, i.e., zero-click technology to install the spyware on the individual’s mobile device without leaving any digital footprint for the user to know about it unless digital security lab.
What is Pegasus?
Pegasus, which is trademarked as Q-Suite is a product of NSO Group, which ranks as a leading cyber intelligence solution in the world. This Israeli software is a private entity which is still monitored and governed by the Israeli government to ensure that the product is sold only to governments and not to any private entities. It is also to be noted that, the product is developed by veterans of Israeli intelligence agencies.
The company explains its operations as a product that “enables law enforcement and intelligence agencies to remotely and covertly extract” data “from virtually any mobile devices”. Also, NSO says it sells its technologies solely to law enforcement and intelligence agencies of “vetted governments” for the sole purpose of saving lives and preventing criminal and terror acts.
NSO also has explained clearly that they do not hack US based smartphones and pretty much true to their statement, the list of 50,000 phone numbers leaked didn’t have any US phone numbers.
How does Pegasus operate?
Pegasus has been in the industry for quite long now and until 2018, the software relied on a SMS or a WhatsApp message with a malicious link to install the spyware on the devices. However, their latest offerings provide an easier access for the users to deploy spyware on the target’s devices without the aid of any kind of messages. The Pegasus can now install the spyware with no interaction of the target which NSO proudly calls their “NSO uniqueness, which significantly differentiates the Pegasus solution from any other spyware available in the market”.
All the user has to do is to provide the phone number of the target and the Pegasus will do the rest by itself. Unless the target device is unsupported by Pegasus or if the target device OS is upgraded with the required securities (very unlikely), the device will be hacked.
What devices can Pegasus attack?
Though the official list of supported devices (nor the clients) is shared by the company, we do not have an authentic list. However, from the list of phone numbers leaked and the history of the devices used by the targets, it is pretty evident that the Israeli software is capable of deploying the spyware on all devices including the Apple iPhones.
What’s more interesting is that Pegasus was able to bluff Apple via it’s in-house messaging platform iMessage. Also, in the August 2020, Pegasus was able to hack Apple’s then-latest mobile phone, iPhone 11 running on iOS 13.5.1. Similar instances have been recorded with Google and WhatsApp in 2019.
What information is accessible when hacked?
When hacked, Pegasus contacts the main servers of the device and is capable of fetching any and all kind of information available on the target’s mobile device. The information can include passwords, contacts, messages, call logs, and even end to end encrypted voice calls.
In addition to the information existing on the mobile device, Pegasus can also control and monitor the microphone, camera, GPS to reveal crucial information during private hours.
How to escape Pegasus attacks?
Theoretically speaking, there is nothing that one can do to prevent an attack from Pegasus at the moment. Tech giants, Apple leading from the front have promised to add multiple layers of security to build a fool-proof system and ensure complete security in the next weeks. Switching to a basic handset doesn’t ensure complete security given the data of call logs and message histories that reside in it.
The pragmatic way to protect the devices is to just stick to the basics of upgrading to the latest upgrades of the operating system.
If affordable, Techmye suggests to change mobile devices on a periodical basis since the spyware is installed on the hardware.
