If you've read news online in the past week, you've probably heard of the Pegasus e-scandal. Pegasus is a form of spyware created by the Israeli firm, NSO Group. It infects devices via WhatsApp, allegedly targetting around 1,400 devices in various countries. WhatsApp has since sued the NSO Group for exploiting their software to spy upon unsuspecting users.
According to WhatsApp's official complaint, users from 20 countries were spied upon "between, in, and around" April and May this year. Will Cathcart, head of WhatsApp, stated that at least 100 of these targets were high profile targets such as human rights activists, journalists, and lawyers.
The company claims to have sent an alert message to all users targetted, however, the exact number of Indian users remains unknown. According to the Indian Express, at least 24 academics, lawyers, and other high profile users were targetted.
Of course, all these facts beg the question; who exactly is targetting these users? While no concrete evidence is available yet, the NSO Group claims to only supply Pegasus to government intelligence and law enforcement agencies. Their statement implores serious issues about the right to privacy and expression promised to citizens of most countries.
How Pegasus Works
Pegasus gains access to devices by convincing users to click on a malicious link, or, as of recent cases, even a missed WhatsApp video call can suffice. Once present on your phone, Pegasus can access almost anything from texts to images and passwords, listen in on phone calls, and even turn on your camera or microphone without any notice.
A particularly frightening aspect of this piece of spyware is that it leaves virtually no trace; unless you're a cybersecurity expert, you probably cannot detect it in the first place.
Could you be at risk?
While the threat of secret surveillance upon social activists and workers is imaginable, it appears unlikely that the average citizen would be spied upon. WhatsApp has stated that everyone infected by the spyware has been sent an alert message, hence if you did not receive one, you're probably in the clear. It is necessary to keep in mind, however, that the spyware did go undetected for quite a while. The sensitive nature of the subject may mean that several facts are still yet to come to the light.
WhatsApp has since released an update that should prevent infiltration by Pegasus. It is important to update software and apps on your phone regularly. This ensures the best security measures available against the spyware. Of course, not clicking on suspicious links should be common practice.
If you did receive the alert message, the only way to get rid of the spyware is to discard your phone. Furthermore, make sure to change the passwords to all accounts that Pegasus could have accessed on your phone. While it may seem beneficial to switch from WhatsApp to other messaging platforms, most alternative platforms do not provide much security against such spyware either.
Remember, no digital platform or information is ever entirely secure. Limiting the number of devices that access sensitive information remains the best defence against cyber crimes and attacks.