Cyber expert Sandeep Shukla, a professor of Computer Science and Engineering at IIT Kanpur and also runs a government funded cyber security lab, spoke to The Quint regarding Israeli company NSO group’s Pegasus Spyware and said that it’s a big black hole and almost impossible to crack ‘as the company keeps updating its modus operandi on how to attack mobile phones with malware.’
17 media organizations had published a global collaborative investigative project on 18 July, which is claiming that around 300 Indian phones have been targeted by this group’s spyware which includes that of ministers, opposition leaders, top lawyers, businessmen, rights activists and journalists.
Pegasus had first got the limelight in 2019 when WhatsApp (owned by Facebook) had claimed and confirmed that around 1.4k users were targeted using this spyware app which included journalists and human-right activists in India. They had disclosed this in a law court in San Francisco, US.
WhatsApp claims now that it has fixed the issue that allowed the successful penetration into a phone by Pegasus through a WhatsApp missed video call.
Currently, Pegasus is said to be using Apple’s messaging application iMessage to penetrate into the phones. A message is sent to the phone with the malware embedded on it. The user, does not even need to click on the message to activate the malware. The malware would be injected even if the owner tries to delete the message. According to Sandeep Shukla, iMessage currently contains the bug which WhatsApp previously used to have and had fixed it later on.
Sandeep Shukla has also stated that Pegasus has multiple other ‘zero-click’ methods to attack the targeted devices without even letting any interaction take place between the owner and the device. There has been many such ‘zero-click’ attacks observed since 2019 or even before that and is still continuing to happen. The most recent victims are the iPhone users as iPhones are frequently getting attacked.