Is Pegasus spyware targeting journalists in India? (The Hindu)

  • 29 Dec 2023

Tags:

Why is it in the News?

Amnesty International and Washington Post recently announced that it has found the presence of Pegasus spyware, sold only to governments, on two Indian journalists’ phones.

What is Pegasus Spyware, and How Does it Infiltrate Devices?

  • Pegasus is a sophisticated form of malware, covertly designed to gather information without the user's knowledge.
  • Developer: Developed by the Israeli security firm NSO Group.
  • Objectives: Pegasus serves three primary purposes:
    • Collecting historical data on a device discreetly.
    • Continuously monitoring user activities and gathering personal information.
    • Transmitting the collected data to third parties.

Infiltration Mechanisms:

  • Pegasus utilizes "zero-click exploits," exploiting vulnerabilities in popular apps like iMessage and WhatsApp.
    • Notably, zero-click exploits require no user interaction, differentiating them from typical cyberattacks.
  • Network injection attacks are another method employed by Pegasus, where unsecured websites are used to infiltrate devices within milliseconds of the user's visit.

What is a Zero-click exploit?

  • A zero-click exploit involves the installation of malicious software on a device without the device owner's consent.
    • Notably, it does not require any action from the device owner to initiate or complete the installation.

Specific Exploit in the Recent Case with Indian Journalists:

  • The particular exploit reportedly used in the incidents is known as BLASTPAST (previously identified as BLASTPASS), unfolding in two phases.
  • Initial Phase: The attack aims to establish a connection with Apple HomeKit, a platform enabling users to control various smart devices on their network.
    • The primary objective of this phase might be to assess how the device could be vulnerable to exploitation or to maintain visibility for potential future attacks.
  • Second Phase: Malicious content is sent through the iMessage app to the target device.
    • This stage is pivotal as it delivers the complete spyware payload, enabling extensive surveillance and data collection.