Not just Indians, hundreds of users across at least 20 countries were targeted during the surveillance by Pegasus which continued from April to May, 2019.
WhatsApp surveillance scandal: Rattled by reports that a spyware developed by an Israeli firm to snoop on journalists, human rights activists and lawyers, the government on Thursday asked the Facebook-owned messaging app WhatsApp to explain how the breach took place and what measures it has taken to protect the privacy of users in India. Communication and Information Technology Minister Ravi Shankar Prasad asserted that the government was concerned over the breach of privacy and sought a detailed response from WhatsApp over the matter.
“We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” Prasad tweeted. The ministry has asked WhatsApp to submit its reply by November 4. The Opposition parties including the Congress have alleged the involvement of the BJP-led government and said it was “caught snooping” on citizens. Congress has also called for the intervention of the Supreme Court in the matter. The BJP has denied all such arguments and assured that those behind the breach of privacy will not be spared.
Not just Indians, hundreds of users across at least 20 countries were targeted during the surveillance which continued from April to May, 2019, according to the complaint filed by WhatsApp against Israeli firm NSO in a federal court in San Francisco earlier this week. The surveillance software named – Pegasus – has been developed by Israeli firm NSO.
Pegasus – What it can do and how
Being a spyware, Pegasus’ primary job is to collect data from the phone of the target person. An ‘exploit link’ is first sent on the target’s phone and if the link is clicked, the spyware installs itself on phone without the knowledge of the user. Once installed, the attacker can access complete data from the phone through the surveillance software.
According to a report by Citizen Lab, which is based at the Munk School of Global Affairs and Public Policy, University of Toronto, Pegasus can “send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps”.
How Pegasus installs itself via WhatsApp
While earlier it required a link to be clicked to get the spyware working on a phone, Pegasus used a chink in WhatsApp video/audio call function allowing the malware to install itself.
A missed audio or video call on WhatsApp is all Pegasus needs to start working on the target device.
According to an apparently old Pegasus product description brochure quoted by the Indian Express, the software can work on BlackBerry, Android, iOS (iPhone) and Symbian-based devices too.