What is Pegasus Spyware and How Does It Hack Phones?

Pegasus is an Israeli spyware which can easily infect a mobile phone or a device without the notice of its user. It is developed by the cyber arms firm of Israel, NSO. Later, NSO sold the software to government clients. The recent revelation about several governments bringing it in use made the headlines. Reportedly, the software has intruded more than 50,000 phone numbers all over the world.

Sometimes Pegasus is a boon while other times it turns into a bane. Let us know about far-reaching impacts and prospects related to this spyware.

What is Pegasus?

Pegasus is one of the most powerful spywares. It is named after a mythical winged horse ‘Pegasus’. It can infiltrate Android and IOS smartphones. However, it is marketed as a tool to track anti-social elements. NSO sells this to governments only. A single license to this software can cost up to Rs70 lakh.

As per some reputed media sources:

  • It caught the first attention in 2016.
  • Pegasus helps in the keystroke surveillance of texts, emails, searches present on the phone.
  • This spyware also assists in phone call tracking.
  • It enables location tracking.
  • Pegasus is capable of collecting passwords too.
  • NSO Group can intrude into mobile phone’s microphone and camera with the help of Pegasus.
  • NSO says that it provides ‘authorized’ governments with software that can help in combating crime.
  • Israel used it to eavesdrop on its opponents and allies.

Instances of Pegasus

2016Pegasus was reported on the phone of human rights activist Ahmed Mansoor.
September 2018The Citizen Lab Report mentioned 45 countries where Pegasus was found. It mentioned India too.
October 2019WhatsApp said that journalists and human right activists inIndia got targeted by Pegasus.
July 2021The Pegasus Project, International investigative journalism effort, disclosed that Indian government spied on more than 300 people between 2017 and 2019.

How does it work?

Pegasus Spyware can be installed on devices with certain versions of iOS, Android, Apples’ mobile OS, Mac computers. Let us know how it hit:

  • Some of its attacks are ‘zero-click’. Zero-Click is a condition where the phone-user is completely unaware or uninvolved. No interaction from the ‘victim’ side happens.
  • Once Pegasus gets on a phone, it can run random codes, retrieve contacts, photos, and messages.
  • It can provide infection vectors such as clicking links, the Photos app and so on.
  • Pegasus is capable of hiding itself in the best way possible. However, it waits for its command-and-control server for 60 days before the elimination.
  • It can make an entry into the device via SMS, email, chatting platforms or even with exploits which are unknown to device producers.
  • The software tries to achieve the ‘root privilege’. That is how it becomes the administrator of the device.
  • If the attacker has a physical accessibility of the device, it will take less than five minutes for the installation of this spyware.

Read Here: All about clubhouse app

Why is it in the news?

Pegasus spyware can actually turn a device into a ‘surveillance set up’. It has reappeared in the news because of the bigger scandal. This time it has covered politicians and well-known personalities. It has shown a wide circle of coverage.

Is Pegasus there in India?

As per the assumptions, Indian Government may have used the spyware. The claims say:

  • The NSO group has mentioned several times that they share the software only to ‘vetted’ governments.
  • Researchers at Citizen Lab have studied the usage of Pegasus. They found that India is one of the clients of this spyware company.
  • The Guardian mentioned that after India’s official visit to Israel in 2017, the usage in India increased.
  • No clear stance or statement by the government has been shown on it.

Do precautions work?

  • If Pegasus intrudes the system, nothing can save it from its exploitation. This spyware will continue working on the instructions of a remote server. It can record speech, will have access to calendar, chats and so on.
  • A switch to a simple handset can limit the amount of data exposed. Cell phones offering basic facilities of calls and messages will reduce the amount of data at risk. However, risk cannot be completely removed.
  • As a precaution one should not use the same device for emails, calling, messages and so on. The collection of data in one device can be a threat.
  • One can keep an eye on regular updates related to the device system. However, ’zero-day’ attacks are coming into the notice.
  • One can change cell phones on a regular basis. It will help in reducing the risk.

Read Here: Top precautions to protect your computer while telecommuting

Does Pegasus always affect the target?

  • The Pegasus system merely needs the phone number to attack. The rest of the damage happens automatically.
  • Most of the time Pegasus is successful. However, it fails when the target device is not supported by NSO.
  • Operating system upgrades with security protection may lead to Pegasus failure.
  • Changing the default phone browser can ‘confuse’ Pegasus.

Signs to know about the spyware attack:  

There are a few signs which can help in knowing whether the device got attacked or not:

  • Device’s antispyware program does not work properly.
  • Activation of camera, microphone without the notice of owner.
  • The connection of a malicious network is seen with the device.
  • Browser’s homepage appears changed without notice.
  • The device appears unusually slower.

What is a ‘zero-click’ attack?

A zero click attack does not need the permission of the owner of the device. With zero interaction with the real user and manufacturer of the device, an attacker can hamper it.

Pegasus, the spyware, can be considered a remarkable way of keeping an eye on the crime. However, its negative impacts are evident. Spying on someone can be a part of security arrangements by a government. But it can also create a threat to the luxury of privacy. The technology must be used with the sense of rationality to avoid any sort of misuse.


Can Pegasus be detected?

The Mobile verification toolkit helps in the detection of Pegasus. It is developed by researchers at Amnesty International.

Where does Pegasus not work?

Pegasus possibly does not work on US numbers.

What can Pegasus do?

Pegasus can steal every bit of information of the device without the notice of the user.

When was the Pegasus discovered for the very first time?

It was detected in the year of 2016 on an iOS system.

What is the Pegasus Project?

It is an international journalism effort to unmask the abuses of Pegasus. It is believed that spyware was used on opposition leaders, journalists, activists and so on.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.