PEGASUS SNOOPING IS AN ATTACK ON PRIVACY


Abstract

This article discusses Pegasus, spyware that targets devices and collects data before leaking it to third parties without the user’s consent. It also discusses the evolution of Pegasus, how it breaches smartphones, and the various devices that are vulnerable to it. Further discussion covers the compromised right to privacy of citizens and the countries that were targeted by this spyware. The last segment discusses recent steps taken in India by the Union Government to maintain the right to privacy of every individual, along with suggestions to prevent this attack.
Keywords: Pegasus spyware, NSO group, version of Pegasus, right to privacy.

Introduction

NSO Group, an Israeli company, develops, markets, and licenses Pegasus, a hacking software program, to governments all over the world. Billions of smartphones running the iOS or Android operating system can be infected. The program is capable of copying messages, harvesting photos and recording calls. A malicious app might secretly record conversations through the phone’s microphone or film through the camera.
In addition to Pegasus, which was developed by veterans of Israeli intelligence agencies, Q Cyber Technologies also markets Q Suite as “a world-leading cyber intelligence solution that allows law enforcement agencies to remotely and covertly extract” data “from almost any mobile device”. Pegasus is currently at the center of a worldwide collaborative investigation that has identified use of the spyware against mobile phones in India, among others.
Clients of NSO Group traditionally used SMS and WhatsApp to trick targets into opening malicious links that would lead to their mobile devices being infected. In a Pegasus brochure, this was described as an Enhanced Social Engineering Message (ESEM). When a malicious link packaged as an ESEM is opened, the recipient’s phone is directed to a server that checks the operating system and deploys the appropriate remote exploit.
The Amnesty International report from October 2019 was the first to confirm the use of ‘network injects’, which gave attackers the ability to install spyware without the target having to do anything. Pegasus can accomplish zero-click installation by different methods. An over-the-air (OTA) method involves sending a covert message that makes the target device install the spyware, without the target being aware of the installation or able to control it. The Pegasus brochure declares that the Pegasus solution is unique and stands apart from any other spyware.

Earliest version of Pegasus

In 2016, Pegasus breached smartphones by sending malicious links via text messages and emails, a technique known as “spear-phishing”, and the spyware has evolved since then.
In 2019, the spyware was capable of compromising a device through a missed call via WhatsApp and deleting the record of the call. In this situation, the user may not always be aware of being targeted. Over 1,400 iPhones and Android phones have been infected with Pegasus using WhatsApp’s bug. The list includes journalists, government officials, and activists. The bug was quickly corrected. In 2021, a report from the Pegasus Project, which was undertaken in the spirit of investigative journalism, showed that opposition politicians, government officials, activists, journalists, and many others were being spied upon by various governments. Between 2017 and 2019, about 300 people were spied on by the Indian government using it, according to the report.


What kind of devices are vulnerable?


Almost all devices. Pegasus is primarily targeted at iPhone users through Apple’s messaging app and the Apple Push Notification Service (APNs) protocol. Apple’s servers allow spyware developers to create push notification applications that can be downloaded and sent to iPhones. Citizen Lab, a University of Toronto interdisciplinary laboratory, alerted cyber security firm Lookout about the existence of Pegasus in August 2016, and the two notified Apple about the possibility of a breach. Various details about the version of Pegasus for Android were unveiled by Google and Lookout in April 2017.


Targets of Pegasus Spyware


Several media outlets reported identifying more than 1,000 people in more than 50 countries whose names appeared on the list. The media reports indicate that the numbers were concentrated in 10 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the United Arab Emirates.


India’s Privacy Rights


Over 300 Indians are being monitored using the Israeli software called Pegasus. Hackers could use this software to break into phones and see the files, documents, voice calls, and pictures of the person being hacked. Their investigative stories revealed the failures of the country’s government and most of the names were anti-establishment. Regardless of how the Pegasus scandal unfolds, it has once again brought to light privacy issues and the extent to which governments may abuse their powers. Historically, snooping has always been prevalent in India, but this is the first instance of sophisticated technology used unethically to decrypt communications of those who are not supportive of the government. This dramatically undermines both an individual’s rights and the democracy of the nation for those who advocate it. The IT Minister’s only defense since the controversy broke has been that the government is required to protect its citizens’ privacy under an existing law. The government of India currently conducts surveillance under the Telegraph Act and a separate IT Act. The Telegraph Act addresses recordings of audio calls and interception, while the Information Technology Act covers electronic communication in general. Despite this, both acts have loopholes that the Centre has not addressed, and the Centre takes advantage of that gap to snoop on and silence opposing voices.


Right to Privacy


Democracy is a feature of India. Democracy is at its core about the people. Whenever incidents like this (Pegasus snooping) occur, they cause citizens’ rights to be compromised. The right to privacy is implied under a number of constitutional provisions, even though it is not explicitly mentioned in the Constitution. While the Union government maintains that the Right to Privacy is not a fundamental right, the Supreme Court of India unanimously recognized it as such in a 2017 judgement. As held in the K.S. Puttaswamy v. Union of India judgment, Article 21 of the Constitution of India includes an individual’s right to privacy, which in turn includes the right to control his or her own data and the right to live an unlimited life online.


Recent steps taken


● In 2018, the Cyber Surakshit Bharat Initiative was launched with the aim of making people aware of cybercrime and creating safety measures for Chief Information Security Officers (CISOs) and frontline IT personnel from government departments.
● The National Cybersecurity Coordination Centre (NCCC) was established in 2017 to monitor and detect real-time cyber threats being sent into the country by detecting internet traffic and communication metadata.
● Viruses were removed from computers and devices through a platform introduced in 2017 called Cyber Swachhta Kendra.
● Computer Emergency Response Team – India (CERT-IN): This organization deals with cybersecurity threats like phishing and hacking.

Concluding Remarks


Switching to an old telephone that can only make and receive basic calls and texts may limit exposure of data, but may not reduce infection risk significantly. As mentioned above, unless one immediately stops using email and apps altogether, any alternative devices will remain vulnerable. In addition, if one has the budget, switching phones periodically may be the most effective, though expensive, remedy.
Security vendors can help to fix the vulnerabilities exploited by the attackers by providing as much information about Pegasus Spyware as possible. In order to prevent political parties and intelligence agencies from misusing spyware, governments must take measures to strengthen privacy laws.


Reference

  1. THE GUARDIAN, https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones, (last visited Aug. 3, 2021).
  2. Jay Mazoomdar, How Pegasus infects a device; what data can be compromised, THE INDIAN EXPRESS (Aug. 3, 7:12 PM), https://indianexpress.com/article/explained/pegasus-whatsapp-spyware-israel-india-7410890/.
  3. BYJU’S, https://byjus.com/current-affairs/pegasus-spyware/ (last visited Aug. 3, 2021).
  4. DRISHTI IAS, https://www.drishtiias.com/daily-updates/daily-news-analysis/pegasus-spyware (last visited Aug. 3, 2021).
  5. Priyanka Chaturvedi, Pegasus affair is an assault on privacy, THE PIONEER (Aug. 3, 7:34 PM), https://www.dailypioneer.com/2021/columnists/pegasus-affair-is-an-assault-on-privacy.html.
