Highlights:
- The NSO Group, based in Israel and founded by retired Israeli intelligence officials, sells surveillance software to government agencies.
- The first version of Pegasus, discovered in 2016, infected phones via spear-phishing, in which a target was misled into clicking on a malicious link via a text message or email.
- Zero-click attacks are designed to take advantage of zero-day vulnerabilities in installed software or operating systems that developers or manufacturers are unaware of.
Pegasus, created by Israeli firm NSO Group and hailed by many as the most sophisticated mobile surveillance tool available, has once again become the focus of attention following the disclosure of a list of 50,000 phone numbers of suspected targets to Paris-based journalism non-profit Forbidden Stories and Amnesty International.
The list was shared with a global group of news organisations, including The Washington Post and The Guardian, among others. According to reports, security researchers discovered attempts to install spyware on at least 37 phones belonging to journalists, businesspeople, and activists.
What is NSO Group?
The NSO Group is a company based in Israel that sells surveillance software to government agencies. It was founded by retired Israeli intelligence officials. The firm, which is said to have been created in 2010, sprang to attention after an Arab activist feared his phone had been hacked after receiving a suspicious message.
Since then, the NSO Group has been named in a number of cases and reports, including the 2019 hacking of former Amazon CEO Jeff Bezos and the now-deceased journalist Jamal Khashoggi’s mobile device.
In 2019, Facebook filed a lawsuit against the firm, alleging that the Pegasus tool was used to spy on various Indian activists and journalists. Affected users received a notice from WhatsApp, which is owned by Facebook.
How does Pegasus work?
Once Pegasus infiltrates a target’s phone, it can easily turn the phone into a round-the-clock surveillance device. It has access to messages sent and received and to photographs, and it can record phone conversations.
It can also control the camera and microphone on the phone. In rare situations, it may even be able to access GPS data, allowing the surveilling party to track a target’s movements.
Pegasus’ earliest version, discovered in 2016, attacked phones through a method known as spear-phishing, in which a text message or email was sent to a target, tricking him or her into clicking on a malicious link, allowing the spyware to be installed on the victim’s mobile device.
However, the NSO Group’s capabilities have grown since then, and the latest version of Pegasus is said to be capable of infiltrating a target’s phone without requiring the target to take any action.
These zero-click attacks are designed to take advantage of zero-day vulnerabilities in installed software or operating systems that developers and manufacturers are unaware of. In the 2019 attack, the malware used a “zero-day weakness” in the WhatsApp application: a target would receive a WhatsApp call, and the malicious code would be placed on the phone even if the call went unanswered. Similarly, Pegasus has infiltrated Apple’s iMessage programme.
The head of Amnesty International’s Berlin-based Security Lab, Claudio Guarnieri, has also observed that spyware has advanced to the point that it may be able to defy even forensic analysis. “Things are becoming a lot more complicated for the targets to notice,” he said, alluding to the NSO Group’s pivot to zero-click attacks from SMS-based phishing attempts.
If spear-phishing or zero-click attacks are not possible, Pegasus can also be installed using a wireless transceiver, also known as an IMSI catcher, positioned near the victim. The device imitates legitimate cellular towers and intercepts and manipulates mobile traffic across certain frequency bands.