Pegasus row: Read what it is and how it can affect your data security
According to Citizen Lab researchers, the zero-click assault has successfully exploited both the most recent iOS 14.4 upgrade and the iOS 14.6 version that was released in May.Author : A. Gayatri
A supreme court bench headed by Chief Justice NV Ramana is hearing a bunch of pleas seeking SIT probe in the pegasus snooping scandal. The court had on August 17 issued a notice to the government seeking an independent probe into the Pegasus snooping.
On Monday, the Centre had filed an affidavit before the Supreme Court stating that it has nothing to hide and will constitute a panel of domain experts to review all the issues concerning the alleged scandal.
“We are reserving and will pass an interim order. It might take 2-3 days to pass the orders. Mr Mehta, if there is any rethinking, you can mention the matter before us,” the CJI had told the centre.
Let’s see what the Pegasus spyware can do to your phone that has shaken the entire country questioning their data safety.
The iPhone of a Bahraini human rights activist was silently hacked early this year by the sophisticated Pegasus spyware, which has been used by various countries across the world, but this time without the device owner’s interaction.
Citizen Lab, a Toronto-based watchdog group, discovered this after analysing the activist's iPhone 12 Pro and finding evidence that suggested the device was hacked in February using a never before seen zero-click attack.
It was created by Israel's NSO group and took advantage of a flaw in iMessage that allowed the Pegasus malware to spread across the phone and take control.
After these attacks in February, IOS had received several updates since then, thinking their phone was safe now, however, that’s not the case.
According to Citizen Lab researchers, the zero-click assault has successfully exploited both the most recent iOS 14.4 upgrade and the iOS 14.6 version that was released in May.
The dangerous aspect of the spyware is it can bypass all of iOS 14's built-in security features, including BlastDoor, created to protect any such attacks by ensuring that no harmful data is transferred through iMessage.
The attack is named 'Forced entry' as it successfully breached the BlastDoor security.
“Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others attempting to make the world a better place,” said Ivan Krstic, Apple's head of security engineering and architecture.
Such attacks on anyone’s phone and data are very sophisticated and cost millions of dollars to develop. These attacks have a shorter life span and are employed to target specific individuals.
Ivan Krstic said even though it means this doesn’t cause harm to the large majority of users, still the firm proceeds to put efforts into securing the customer’s data and work in providing additional for their devices and data.
BlastDoor would be enough to provide a defence to iMessage, that other protections would be added with the future iOS 15 upgrade, expected to arrive next month, informed an Apple official.
Between June 2020 and February 2021, over eight Bahraini activists have been the target of snoop ware, while the Citizen Labs claimed the Bahraini government to be behind the attacks.
Bahrain is one of several authoritarian countries known as Pegasus' government customers, including Saudi Arabia, Rwanda, the United Arab Emirates, and Mexico. Yet, owing to the nondisclosure agreements, NSO has declined to name and verify dozens of customers, constantly.
Government clients of the NSO's spyware have almost complete access to their target's devices, including personal data, images, texts, and whereabouts.
More than 50,000 phone numbers are on the list of potential targets of Pegasus malware.
One of the phone numbers listed belongs to a member of the Bahrain Center for Human Rights.
Citizen Lab revealed that before Forced Entry, it targeted another zero-click attack known as Kismet. Kismet has stopped working on iOS 14 and later since the launch of Blast Door, according to Citizen Lab, although handsets running previous versions of the iPhone are still at risk.
Two more Bahrainis in exile in London- Photojournalist Moosa Abd-Ali and activist Yusuf Aljamli have also been previously targeted by FinFisher spyware Sold to the Bahraini government.
Abd Ali, who claimed he was detained and tortured in Bahrain, stated he thought he would be safe in Britain but had been subjected to physical and digital surveillance.
The Bahraini government on the other hand claims to be “committed to protecting individual rights and freedoms."
Meanwhile, in July, an international media consortium reported that over 300 verified cell numbers have been on the snooping lists, which also included Indians. Two politicians, over 40 journalists, three opposition leaders and several businessmen, activists are on the target lists of the Pegasus spyware of the Israeli firm NSO Group.
However, the Modi-led government has continuously been denying all Opposition allegations in the matter, on the other hand, the Opposition has been demanding the centre to speak if any surveillance was done on the citizens or not.