An international collaboration between The Guardian, The Washington Post, and other media outlets published a detailed report on Sunday about a spyware called Pegasus that’s been used globally to hack into personal cell phones. Pegasus was developed by an Israeli cybersecurity organization called the NSO Group and was sold to governments including Hungary, Rwanda, and India. The massive report revealed that the spyware tool was used to spy on many figures, including the family of slain journalist Jamal Khashoggi.

The information in the report was based on a leaked list that contained tens of thousands of phone numbers of journalists, activists, politicians, and other figures of interest – including French president, Emmanuel Macron, and also clients who purchased Pegasus. This list was provided by Amnesty International and a Paris-based nonprofit organization called Forbidden Stories. 

Out of the 67 infected phones examined by Amnesty International, 37 were found to show evidence of tampering, and most of them were iPhones.

How is Pegasus used for infiltration?

Pegasus is used by governments and other organizations to infiltrate smartphones and spy on apps such as WhatsApp, or by making it so that vulnerable victims click on a link that contains the malware. Pegasus uses flaws – both known and unknown – in operating systems that have not yet been fixed. 

The NSO Group has a history of spyware that does not require interaction from victims. Simple actions such as receiving a phone call can be used to infiltrate a phone without causing any suspicion. Detection of such spyware is usually difficult and it allows hackers to gather huge amounts of data from smartphones without any difficulty. This infiltration includes access to text messages and email correspondence, the user’s location, access to camera and microphone settings, contacts, and much more. 

Who was the target of the Pegasus spyware?

The list provided by Amnesty International and Forbidden Stories contained around 50,000 phone numbers. But this doesn’t mean they were all infected. However, the list did contain numbers of high-profile personalities such as executives, government officials, news reporters and journalists, and pro-democracy activists – all of whom could be important targets.

Indian investigative journalist, Swati Chaturvedi, says that Apple should block such spyware, and also expressed doubt over whether Apple couldn’t fix the problem or had deliberately left it unfixed.

Apple, however, maintains that its users’ security is a top priority and that it has always provided high-grade security to iPhone users. However, Apple did not clarify whether it has fixed previous vulnerabilities dating as far back as 2018.

The Apple Head of Security Engineering and Architecture stated that Pegasus was just a short-term threat and not an issue for the majority of iPhone users. Such spyware takes millions of dollars to develop and even then, has a short shelf-life. He said that these tools were used to target specific individuals and that the vast majority of Apple users had no reason to worry as iPhones are the safest mobile device on the consumer market.

However, all this simply goes to prove that no device is totally bulletproof and that cybersecurity is always a risk.