Developers of the “Peagsus” software, the NSO Group, originally licenced it to governments to track terrorists and criminals.
However this is not the first time such misuse of the software has come to light. Similar surveillance activities were reported in 2019 as well.
Over two dozen Indian academics, lawyers, journalists and dalit activists are believed to have been targeted during the 2019 attacks.
The surveillance took place during the run-up to the 2019 general elections.
How does it work?
‘Pegasus’ is a spyware used to snoop into handsets. It has been claimed that even a missed video call on WhatsApp could give Pegasus complete access to users’ smartphones.
It enabled opening up of the handsets and the operator installing the spyware on the device without the owner’s knowledge.
This resulted in the hacker accessing the user’s data including passwords, contacts, calendar events, text messages and even live voice calls from messaging apps.
The 2019 attacks and WhatsApp’s complaint
After the 2019 attacks, WhatsApp in its complaint filed in California said the attack happened through its video calling feature.
It said, Pegasus is capable of surveillance on three levels: initial data extraction, passive monitoring and active collection.
The software was used to hijack smartphones running on iOS, Android and BlackBerry operating systems.
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number,” WhatsApp said in its complaint.
The spyware leaves no trace on the device, consumes minimal battery, memory and data consumption and comes with a self-destruct option that can be used any time, the complaint further added.