The answer is not a big suprise.
Pegasus, an Israeli spyware developed by NSO, made international news in 2019 after it was discovered that several governments were using it to spy on human rights activists and journalists.
Pegasus was allegedly used to extract messages and information from the phones of journalists, politicians, and activists in many countries, including India, according to a global investigation by a group of 17 media organisations, Amnesty International, and the Paris-based non-profit organisation Forbidden Stories.
Pegasus is also said to infiltrate Android and iPhone devices, enabling operators (in this case, governments) access to texts, photographs, and emails. It can also secretly record calls and activate microphones.
Why is spyware like Pegasus made in the first place?
The Indian government has categorically disputed the allegations, claiming that government agencies did not conduct any authorised interception. As further parts in the expected leaks are released, the politics of the new disclosures will undoubtedly play out in the coming weeks and months.
The Pegasus Gate, a term that will almost certainly be attached to the controversy, forces us to address a fundamental question: Is your phone ever truly safe?
WhatsApp, which is owned by Facebook, admitted in 2019 that Pegasus had targeted about 1,400 of its users in 20 countries. WhatsApp, on the other hand, provides end-to-end encryption. In the face of sophisticated spyware like Pegasus, however, none of our personal communications can ever be fully secure.
To answer the question of how safe our phones are, the response is that they aren’t very safe. Many of you are probably aware of or comprehend this in a broader sense.
However, the fact that spyware like Pegaus is pricey can be comforting, as the Israeli company claims to sell it to “vetted and reputable government organisations” who fight “serious crime and terrorism.” In any event, the surveillance is not ordered by the NSO.
It is undeniable that advanced software such as Pegasus is required to combat criminals such as terrorists and underworld figures. For legitimate law and order reasons, governments and their sleuths require technology to intercept messages.
But the safety and sensitivity of every weapon depends on who is handling it. And unfortunately some of those who have access to such hi-tech snooping tools sometimes use them for self-serving purposes.
How is Pegasus 'infected' into a phone? A missed call may be enough
Spyware is software that secretly watches and collects data on your internet behaviour, data on your device, and a variety of personal information.
The bad news is that spyware may sift through calls, texts, and other data after it’s placed on a phone. It has the ability to turn on the phone’s camera and microphone, as well as do any other malicious action.
The main concern now is that it doesn’t take much to ‘infect’ a phone with Pegasus malware. All it takes is a WhatsApp call, for example. And for all you cared, you need not have even answered it.
Technically, data packets in the voice call sent to the target/victim are tampered with. It causes an internal buffer in the WhatsApp programme to overflow, causing chunks of the memory to be overwritten and the app’s security to be bypassed. It’s easy to regain control of the phone and its data after that.
According to investigators, ‘authoritarian countries’ have been known to construct bogus Whatsapp accounts in order to make video calls to their targets. Even if the targets did not answer the phone, the hackers were able to send the malicious code and have the spyware installed automatically.
According to experts, the only method to totally rid your phone of malware like Pegasus is to throw it away. Even a ‘factory reset’ might not be enough to get your phone back in working order.
The fact that Pegasus was not used to target ordinary people is a redeeming grace in this case. Only a small number of journalists, human rights activists, and so-called government dissidents appear to have been targeted.
However, as a member of the general public, you cannot afford to be complacent. You must always be cautious and follow safe technology practises (keep all your apps updated, stay away from dubious sites and links, avoid answering calls from unknown numbers.)