+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

NSO Group’s Pegasus can hack into any phone it wants without your knowledge — and there’s nothing you can do to stop it

Jul 20, 2021, 16:08 IST
NSO Group’s spying softwarePixabay
  • Pegasus spyware is built by an Israeli company called the NSO Group.
  • The software can be installed onto a phone without engaging the user, which means there isn't anything a person can do to avoid Pegasus if they have been targeted.
  • The Pegasus software has been accused of being issued by NSO Group’s clients to keep tabs on at least 180 journalists around the world, including 40 based out of India.
Advertisement
Israel-based NSO Group’s spying software, Pegasus, has been accused of hacking into the phones of at least 180 journalists around the world — 40 of whom are Indian.

A new investigative report by the Pegasus Project, a consortium of media outlets led by the Paris-based non-profit Forbidden Stories, names investigative journalist Paranjoy Guha Thakurta, The Wire co-founders Siddharth Varadarajan and M K Venu, columnist Prem Shankar Jha, reporter Rohini Singh, editor Devirupa Mitra and others as victims.

In India, Mexico, Azerbaijan, Morocco, Saudi Arabia, Hungary and other increasingly authoritarian countries around the world, Pegasus has been used to spy on, track down, and silence anyone who threatens the stability of these regimes.

Report by Forbidden Stories, a non-profit organisation based out of Paris, France

The global consortium got this information from leaked documents, which included more than 50,000 phone numbers of NSO Group’s clients.

And the Indian government has specifically been named as one of the clients. However, according to India’s newly appointed Information and Technology (IT) Minister, Ashwini Vaishnaw, the Pegasus leak is nothing more than “An attempt to malign the Indian democracy and its well-established institutions.”

In the past, similar claims were made regarding the use of Pegasus… Those claims had no factual basis and were categorically denied by all parties.

Indian IT Minister, Ashwini Vaishnaw, said during the Monsoon Session of Parliament on July 19

Advertisement

Becoming the software to beat

While the NSO Group claims it does provide “a mass surveillance technology,” the enterprise has been called out for the ‘reckless abuse’ of its spyware by numerous civil liberties and cyber security organisations around the world.

The narrative used to sell Pegasus is that it can be used to track down all sorts of criminals, terrorists and put a stop to money laundering. The tool they developed is a plug-and-play solution for intelligence agencies and governments that can’t afford to build their own surveillance systems.

The alleged amount of ‘leaked data of more than 50,000 phone numbers,’ cannot be a list of numbers targeted by governments using Pegasus, based on this exaggerated number.

Statement by the NSO Group in response to the report by The Pegasus Project

And what makes it a true gem is that it’s nearly invisible. According to the Hacking Team, the NSO Group has mastered ‘zero click’ attack vectors. This means hackers don’t need users to ‘accidently’ click on a link or download a malicious attachment in order to gain access to a phone — they can just stroll right in.

It’s one thing to educate people about links and suspicious text messages. It’s another thing to say, basically, there is nothing that you can do. And that’s a very bad place to be.

John Scott-Railton, a senior researcher at Citizen Lab, said in a statement

Advertisement
Once Pegasus is installed on a phone it gives the owner of the hack absolute control. It can execute commands and transfer any data — including passwords, contact lists, calendar events, text messages and live voice calls — without the phone user’s knowledge.

During the 2019 WhatsApp exploit, Pegasus could reportedly infiltrate a phone with a simple missed call. Its true abilities can employ multiple vectors to hack into devices like phishing messages and fake package notifications. It’s full capabilities are still hidden from the public.

NSO’s new owner, Novalpina Capital, has promised to employ new oversight to keep abusive hacks at bay and usher in a new era of oversight. But the investigation by Forbidden Stories shows that abuse is still on the charts.

SEE ALSO:
Turkey is ready to regulate crypto, and it could it more expensive for crypto companies to operate
Swiggy gets a $1.25 billion cheque from Softbank for the same reason Zomato went for an IPO
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article