Pegasus Spyware
The popular messaging platform WhatsApp was used to spy on journalists and human rights activists in India. The surveillance was carried out using a spyware tool called Pegasus, developed by an Israeli firm, the NSO Group. It took place “between in and around April 2019 and May 2019” and affected users in 20 countries across four continents, WhatsApp said in its complaint. As a result, WhatsApp has sued the NSO Group in a federal court in San Francisco, accusing it of using WhatsApp servers in the United States and elsewhere “to send malware to approximately 1,400 mobile phones and devices (‘Target Devices’) for the purpose of conducting surveillance of specific WhatsApp users (‘Target Users’)”.
The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone 6. The Pegasus tool at that time exploited a software flaw in Apple’s iOS to take over the device. Apple responded by pushing out an update to “patch” or fix the issue.
Working of Pegasus:
To monitor a target, a Pegasus operator must convince the target to click on a specially crafted ‘exploit link’, which allows the operator to penetrate security features on the phone and install Pegasus without the user’s knowledge or permission. Once the phone is exploited and Pegasus is installed, it begins contacting the operator’s command and control servers to receive and execute operator commands, and sends back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity. In the latest vulnerability, the subject of the lawsuit, clicking the ‘exploit link’ may not even be required: a missed video call on WhatsApp was enough to open up the phone, without any response from the target at all. Pegasus can work on BlackBerry, Android, iOS (iPhone) and Symbian-based devices.
Vulnerability in WhatsApp:
The spyware targeted a vulnerability in WhatsApp’s VoIP stack, which is used to make video and audio calls. Simply giving a missed call to someone’s WhatsApp number allowed Pegasus to gain access to the device. This essentially means that despite offering high-end data encryption for chats, WhatsApp overlooked the security of its calling feature. The exploit impacted WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen (which is used by Samsung devices) prior to v2.18.15.
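For anyone managing a fleet of phones, the version list above can be turned into an inventory check. The following is an added example, not part of the original article or any WhatsApp tooling: it flags installed builds older than the fixed versions listed above, and the device ids, inventory rows and function names are constructed for illustration.

```python
# Added example: audit a device inventory against the fixed versions listed above.
import re

# First unaffected version per (app, platform), taken from the paragraph above.
FIXED = {
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp", "windows phone"): "2.18.348",
    ("whatsapp", "tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def classify(app, platform, version):
    """Return 'affected', 'fixed', or 'unknown' for one installed build."""
    fixed = FIXED.get((app.strip().lower(), platform.strip().lower()))
    if fixed is None:
        return "unknown"          # product/platform not listed in the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"          # do not guess; send for manual review
    # Tuples compare numerically, so 2.19.44 < 2.19.134 (a plain string
    # comparison would rank them the other way round and miss the device).
    return "affected" if installed < parse_version(fixed) else "fixed"

def audit(rows):
    """rows: iterable of (device_id, app, platform, version) tuples."""
    return {dev: classify(app, plat, ver) for dev, app, plat, ver in rows}

# Constructed sample inventory (hypothetical device ids and builds).
SAMPLE = [
    ("dev-01", "WhatsApp", "Android", "2.19.44"),
    ("dev-02", "WhatsApp", "Android", "2.19.134"),
    ("dev-03", "WhatsApp Business", "iOS", "v2.19.50"),
    ("dev-04", "WhatsApp", "Tizen", "2.18.15"),
    ("dev-05", "WhatsApp", "KaiOS", "2.20.1"),
    ("dev-06", "WhatsApp", "iOS", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rows reported as "unknown" cover platforms the list does not mention and version strings that cannot be parsed, so they need manual review rather than being treated as safe.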