Zero Click Attack: What Is Pegasus Spyware & Can You Protect Yourself From It?

New Delhi: The phone data of 40 journalists, 2 Union Ministers & one Supreme Court Judge has been compromised by the Pegasus spyware attack in India. Globally, 50,000 such numbers have been targeted.

What Is Pegasus Spyware?

Pegasus is spyware software of Isreal’s NSO Group which describes itself as “the world leader in precision cyber intelligence solutions for the sole use of vetted-and-approved, state-administered intelligence and law enforcement agencies”.

The spyware is believed to be able to infiltrate any phone anywhere. It can take control of the device and access all data. The phone can also be used as a surveillance device by the hacker.

Earlier in 2016, the spyware used a technique called ‘spear phishing’ to get into phones. It would send a text or email to the targetted device and once the link was clicked by the user, the spyware would download on the system. However, now the spyware is much more evolved and doesn’t require any input from the user, essentially a ‘zero-click’ attack.

In 2019, WhatsApp had revealed that the spyware could enter a device by simply placing a WhatsApp call. The user doesn’t even have to answer it!

A recent report suggests that Pegasus is capable of affecting Apple’s iMessage service. In fact, 9 of 10 phones hacked in the attack in India were iPhones.

What About Encrypted Messages On WhatsApp?

A report in the Washington Post said Pegasus can access WhatsApp messages before it is sent to or read by the receiver. Encryption protects the messages after they are typed and sent and before they are read. Pegasus targets the endpoints that is the device itself.

How To Protect Against Pegasus?

Experts believe that Pegasus is practically impossible to detect. It also leaves no trace of infiltration as stays on the phone’s temporary memory which means it is wiped off once the device is powered off.