Mobile, WiFi and Landline Telecommunication in India

I think it is high time for us to consider 5g. I have tried it and so far it is promising enough for me. There are many others who think that 5g is inefficient, but i am telling you that it is effective for most people. I would even download bigger bytes of data and still have a lot of time left in me. This is why i implore you to try 5g and get the most of your data speed rather than trying to work on slow internet and using 4g in the long run. That really kinda sucks.
 
Pegasus spyware: Should you pick old Nokia for privacy, it is a joke so don't take it seriously

In the wake of Pegasus spyware, the old Nokia feature phone is doing rounds on social media. This is the safest phone, say some users. While some know it's a joke, many are wrongly taking it seriously.




Javed Anwer
New Delhi
July 21, 2021
UPDATED: July 21, 2021 17:12 IST



Courtesy: Pixabay

HIGHLIGHTS
  • Pegasus spyware, created by Israel-based NSO Group, targets smartphones.
  • Pegasus can surveil a user completely and can scoop up call details, chats etc from phones.
  • Many on social media are saying that old Nokia phones are now safer.

Is an old Nokia feature phone safer than an iPhone? This is a question many people are asking on social media in the wake of revelations that Pegasus spyware can be easily inserted into smartphones, and once in, can be used to scoop all the sensitive data, including passwords, call details, chats, location data and other key user information. The question is meant to be a joke, but some people are seriously thinking of switching back to an old feature phone for better privacy.

That's not a great idea. Although, there is another aspect to it which indeed gives the old Nokia feature phones an edge over the latest iPhone 12 or a shiny OnePlus 9 Pro.
As far as the safety of an old feature phone is concerned, there is none. A feature phone is an easily hackable device. Its software, the way it is right now, is primitive. And so is its hardware. The primary functionality in a feature phone is communication through a cellular network: this means phone calls and messages through SMS.
Cellular calls and SMS, but their design, are extremely insecure technologies. Not just large governments, but even small law-enforcement agencies across the world can get into calls and SMS with little effort.




Phone tapping is a routine affair across the world.
So if you come across a message on social media saying how the old Nokia is a better choice against iPhone in Pegasus world, you can reshare the message for nostalgia. But don't, even for a second, believe that the old Nokia is a safer phone.

Smartphones, particularly the iPhone, have many protective features that make it more difficult for hackers and snoopers. There is a reason why over 45 countries, including India, have reportedly spent millions of dollars to carry out surveillance of some iPhone users.

Feature phones do have an advantage
But there is another aspect to it: feature phones are better from the privacy point of view.
A smartphone, as powerful and capable as it is, has been built to collect data. Tech companies use this data for various purposes, including to build profiles of users and sell them ads.
In contrast, a feature phone is simply a communication device. You talk, or you send messages. There is nothing more to it, except occasionally the game of snake.
So, even if it is easier to put a feature phone under surveillance, through this surveillance only details related to calls and messages can be snooped.

That is not the case with a smartphone. Smartphones mirror our entire life. So, as soon a smartphone has been compromised with a spyware like Pegasus, much more than call and message details is at stake. Through a smartphone, a user can leak: Call details, message details, WhatsApp chats, social media details, photos, schedule of meetings, actual pinpointed location data, web browsing details, information that is part of tens of applications that we use, emails, as well as everything that cameras in a phone can potentially see and microphones can potentially hear.
In other words, once Pegasus is inside the smartphone it is as if it is inside the user's mind.
This is where a feature phone is superior. It doesn't give away your thoughts. It only gives away what you speak or hear on a call or what you write or read in messages.
So, in a way, if you are extremely paranoid about your privacy and data security, a feature phone, if used wisely, might be a better idea than a compromised smartphone. But as far as the safety of a device is concerned, a smartphone is tougher to hack into compared to a feature phone.

Pegasus spyware: Should you pick old Nokia for privacy, it is a joke so don't take it seriously
 
Pegasus updated guide: How it infects phones, what it does, how to detect and get rid of it

The continued use of spyware Pegasus, which an Israeli company sells to governments worldwide, has been confirmed with fresh reports. Like the phones it targets, Pegasus has been apparently updated and now comes with new surveillance capabilities. A quick look at how Pegasus works and infects phones.




Sarthak Dogra
Noida
July 19, 2021
UPDATED: July 19, 2021 18:22 IST



(Image: Kaspersky)

HIGHLIGHTS
  • Pegasus is a spyware created by NSO Group, an Israeli company.
  • Pegasus is termed a cyber weapon by security researchers.
  • Reports suggest that Pegasus is used by governments, including India, to carry out surveillance.

There are fresh reports about Pegasus, the spyware that we first heard of in 2016. The reports, which detail how governments have used Pegasus across the world to spy on many journalists, activists, businessmen, politicians and others, indicate that Pegasus has evolved since its early days. Despite being a known commodity, it continues to have the capability to infect phones, including recent phones running updated software.


On Sunday evening, a number of websites, including the Washington Post and the Guardian, published a fresh set of reports based on research carried out by Amnesty International. The reports highlight that Pegasus remains in use and that over 10 countries, including India, are using this spyware to scoop data from the phones of thousands of people.
NSO Group has clarified that it sells Pegasus only to governments, while India has called the fresh reports "fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions."
The highly sophisticated spyware is meant to be a way to investigate terrorism and crime. At least that is what its maker, Israel-based cybersecurity firm NSO Group, claims. However, findings of collaborative research under the Pegasus Project seem to suggest otherwise.
The reports — all part of the Pegasus Project — present evidence that the spyware is used to conduct surveillance of numerous human rights defenders and journalists from around the world. The evidence was found through an in-depth forensic analysis of the phones infected with Pegasus.

The question, however, many readers may have is this: If you are using an iPhone or an Android, can Pegasus be used to monitor all your data?

The answer seems to be: Yes. And it is terrifying because earlier when Pegasus was found in 2016, Google, Apple, WhatsApp and others moved quickly to patch their software and devices against this spyware. However, it seems Pegasus too has evolved and even now it remains potent.
While its maker claims that the spyware "leaves no traces whatsoever," a new Forensic Methodology Report by Amnesty International's Security Lab shows forensic traces left by the spyware on iOS and Android devices.
The findings reveal much about how the spyware works, how it manages to sneak into a phone and to what extent it can be used. Consecutively the reports even tell us how it can be spotted on an infected device. Here is what we need to know.

How Pegasus infects phones?
Over the years, Pegasus has evolved in the way it operates and infects devices. The first version of the spyware was detected in 2016 and used spear-phishing to infect a smartphone. This means that it worked through a malicious link, usually sent to the target through a bogus text message or an email. The device became infected as soon as the link was clicked.

It now adopts a different and more sophisticated approach for reaching new targets. Shockingly, the new method does not require any input from the target user. It can infect a device by what is called a "zero-click" attack.
An example of this was seen earlier in 2019, when WhatsApp blamed Pegasus for infecting more than 1,400 phones through a simple WhatsApp call. Due to a zero-day vulnerability, the malicious Pegasus code could be installed on the phone, even if the target never answered the call.
While this was fixed by WhatsApp, which also filed a case against NSO Group in the US, Pegasus has now acquired different capabilities.
In the report on Sunday, the Guardian highlights the use of a similar zero-click Pegasus attack that exploits Apple's iMessage. The report explains that exploiting undiscovered security lapses in such widely used services helps Pegasus infect many devices easily.

The infections are apparently carried out by downloading malicious code from servers that NSO Group runs. The analysis by Amnesty International shows the links for downloading the bits of Pegasus are hidden in the contents of a message, or an image or the background data that apps often download on phones without requiring any inputs from users.
The fresh reports note that when the details of these servers become public, NSO Group shuts them down and creates new servers. In recent months, according to the reports, NSO Group is even using servers managed by cloud computing providers like Amazon Web Services to deliver Pegasus to phones.

What can Pegasus do?
Once a smartphone is infected by it, Pegasus can effectively monitor any activity you perform on it. This includes reading or copying your messages, extracting your media files, accessing your browser history, recording your calls and much more.
It can even turn the device into a surveillance tool by turning on its microphone to listen and record an ongoing conversation. Similarly, it can trigger the phone's camera to record a video at any point in time.
The spyware can even be used to extract the exact location of a device, or the history of its whereabouts. This means an infected smartphone will effectively give out the locations that its user has visited in the past or is currently at.
In 2017 researchers at anti-virus company Kaspersky wrote, "We're talking total surveillance. Pegasus is modular malware. After scanning the target's device, it installs the necessary modules to read the user's messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. It can spy on every aspect of the target's life. It's also noteworthy that Pegasus could even listen to encrypted audio streams and read encrypted messages — thanks to its keylogging and audio recording capabilities, it was stealing messages before they were encrypted (and, for incoming messages, after decryption)."

How is Pegasus detected on the phone?
Make no mistake that Pegasus is highly sophisticated spyware. This means that other than the intended spying purposes, it has been explicitly designed to avoid detection. So finding it on an infected device is no child's play.
In the earlier Pegasus attacks, the malicious link through the messages or emails were indicative enough of the spyware's presence. The consecutive practice of spyware-triggering WhatsApp calls was also identified as a threat later on.
The more sophisticated zero-click attacks these days have no such upfront indicators. Luckily, the new Forensic Methodology Report by Amnesty International sheds light on the traces that the spyware leaves.
The new security report highlights several domain redirections that have been spotted on infected devices. The initial ones were recorded in Safari's browsing history, but eventually, such suspicious redirects were found to take place in other apps as well. The report has published a total of 700 Pegasus-related domains that were discovered during the investigation.
Another method of spotting Pegasus, as described in the report, is through the iOS records of process executions "and their respective network usage" in two specific files. A suspicious process called "bh" was spotted in network usage databases of infected devices. This "bh" process was observed immediately following visits to Pegasus Installation domains.
Similar traces were found in almost all the vulnerabilities that Pegasus has exploited to date. The crux is that a regular smartphone user will never be able to detect these, while the spyware will continue to operate, leaking the user's data to the spyware user.
Amnesty has also decided to release the tools through which it detects Pegasus in public. Although, the tool is meant to be used by security researchers as it is not a simple app you can run on your phone or computer.

How to get rid of Pegasus?
Cybersecurity experts have indicated that a device infected by Pegasus might never be able to recover from it completely. Traces of the spyware might still be found, even after a hard factory reset of the device.
So the best option for victims of the spyware attack is to get rid of the infected device altogether. Users can check for all the indicators of a compromise through Amnesty International's GitHub. In addition, the organisation has also released a modular tool, called Mobile Verification Toolkit (MVT) for such an analysis. Anyone finding traces of Pegasus on their phones should switch to a new phone and change the passwords of the applications and services they used on it.




Pegasus updated guide: How it infects phones, what it does, how to detect and get rid of it
 
Pegasus spyware hacking: Reports show latest iPhones with iOS 14 can be hacked with zero-click iMessage exploit
NSO Group's Pegasus software was used to snoop on iPhones of high-profile entities and Apple's zero-click exploit in iMessage made it easier.


Shubham Verma
New Delhi
July 19, 2021
UPDATED: July 19, 2021 14:05 IST



Pegasus software found iPhones running iOS 14 an easy target. (Source: Kaspersky)

HIGHLIGHTS
  • According to a researcher, iPhone's zero-click exploit was used to install Pegasus.
  • NSO Group's Pegasus software is notorious for being a spying tool.
  • WhatsApp has criticised NSO Group for developing tools like Pegasus.

Pegasus spyware-making Israeli company, NSO Group, has found itself in dire straits again. The software was used to snoop on a large set of people, as their mobile numbers were found in a leaked database. NSO Group’s spyware is already notorious for giving backdoors to the mobile phones of the targeted entities. Both Android and the iPhone are the targets, but the latter is easier to be put on surveillance through Pegasus. And, according to a report, Apple’s zero-click exploit on iMessage made this job far easier.

Amnesty International, which unearthed the leaked database in collaboration with Pegasus Project, which is a consortium of news organisations that have seen the leaked database, has refuted NSO Group’s claims that Pegasus is used to investigate crime and terrorism-related cases and that it does not leave any traces. Amnesty International’s Security Lab carried out an in-depth forensic analysis of several mobile phones of human rights defenders and journalists from around the world to find out that Pegasus’s surveillance is not just a violation of user privacy, it also goes against human rights.
According to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. This exploit was discovered by Citizen Labs previously. It was known as KISMET and it allowed the installation of Pegasus software for the purpose of complete surveillance. The exploit was patched through an urgent software update that Apple released, but it seems like the exploit remains dormant until a zero-click is fired.

Citizen Lab’s researcher Bill Marczak said that Apple has a major problem with iMessage’s security even after the patch, which brought the BlastDoor Framework as a part of the iOS 14 update. Apple's BlastDoor Framework is supposed to make zero-click exploitation more difficult, thereby making the installation of the Pegasus spyware. However, the BlastDoor Framework may not be working as intended. Case in point: the fresh Pegasus surveillance scandal, which involves not just prominent journalists from around the globe, but also ministers and other high-profile entities. The researcher has noted that the spyware installed through zero-click exploits is no longer “persistent”.
According to Marczak, Apple using just sandboxing on iMessage does not solve what BlastDoor Framework should ideally. This means that whatever properties that BlastDoor has are kind of weakened by the sandboxing process, giving access to zero-click exploits. “How about: “don't automatically run extremely complex and buggy parsing on data that strangers push to your phone?!”” said Marczak in a tweet. The leaked database of the targeted iPhones has call logs and it was possible for Pegasus to retrieve them using an exploit in the ImageIO in iOS 13 and iOS 14 by parsing JPEG and GIF images. Marczak said that there have been “a dozen” high-severity bugs in Apple’s ImageIO.

Pegasus has raised several questions, more so when the clients using it involve governments from all around the world. WhatsApp has already slammed NSO Group for providing tools that make privacy a severely unimportant aspect. But a bigger question looms over Apple's claims that it has time and again made to show how iPhones are the epitome of user privacy. If a single zero-click exploit could have allowed mass surveillance, imagine what other vulnerabilities could do. Apple has not said anything about the incident yet.


Pegasus spyware hacking: Reports show latest iPhones with iOS 14 can be hacked with zero-click iMessage exploit
 
Last edited:
Pegasus spyware leak shows Apple needs to ramp up iPhone security big time

Even Apple has been left red-faced with the latest Pegasus spyware leak which shows that the Cupertino-based tech giant needs to ramp up its security.




Manas Tiwari
New Delhi
July 20, 2021
UPDATED: July 20, 2021 14:23 IST

iPhone 12


Even the latest iPhone 12 models have been attacked.

HIGHLIGHTS
  • Thousands of iPhones have been attacked by spyware.
  • Pegasus leak exposes Apple iPhones as well.
  • Pressure on Apple to take additional security measures.

Apple for long has taken a lot of pride in the secure experience it offers to the users. It consistently takes digs at Android, talks about the privacy at length during its keynotes and has introduced few features that offended the other Big Tech. But, even Apple has been left red-faced with the latest Pegasus spyware leak which shows that the Cupertino-based tech giant needs to ramp up its security. The spyware was used to target journalists and human rights activists from different countries of the world, including India.

Evidence of Pegasus infections or attempts at infections was found in 37 out of the total 67 smartphones that were assessed by the Amnesty International's Security Lab. Out of these, 34 were iPhones and 23 of them showed signs of a successful Pegasus infection, while the rest (11) showed signs of attempted infection.
In contrast, only three of the 15 Android smartphones showed evidence of a hacking attempt. But there two points to note here before you think that Android phones are safer than the iPhone. One, Amnesty's investigators clarified that it found Pegasus evidence more on the iPhone Android's logs are not comprehensive enough to store the information needed for conclusive results. And two, people have expectations of higher security standards than the iPhone.

Apple in the recent years has highlighted again and again that the iPhone is more secure phone compared to Android, and Pegasus or no Pegasus as a general statement it remains accurate. But it is also true that Pegasus story shows the iPhone is not as secure, or rather unhackable, as Apple suggests. This reflects in the statement put out by Amnesty.
"Apple prides itself on its security and privacy features, but NSO Group has ripped these apart. Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO's spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised," Deputy Director of Amnesty Tech Danna Ingleton said in a blog post.
The incident is more worrisome because even the latest iPhone 12 models running the newest version of Apple's operating system were compromised. That's generally the best and the last layer of security a smartphone manufacturer can offer.

In a statement to India Today Tech, Ivan Krstic, head of Apple Security Engineering and Architecture, said: "Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."

What all can Pegasus access?
While there is a lot of information around who all must have been affected and how, no examination has been able to reveal the data that was collected. The possibilities are endless, though. We know that Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories.
It is also capable of activating the cameras or microphones to capture fresh images and recordings. It has capability of listening to voice mails, collect location logs to figure out where a user has been, and all of this can actually happen without a person touching their phone or clicking on a mysterious link.

How was iPhone security breached?
The investigation reveals that the iPhones were hacked using Pegasus zero-click attacks. It mentions that thousands of iPhones are on the list of attacked devices but cannot confirm the number of phones that were eventually infected.
As the name suggests, 'zero-click' attacks do not require any action from the phone's user which adds more potential to an already powerful malware. These attacks target software which receives data even before it can determine whether what is coming in is trustworthy or not.
A similar vulnerability was highlighted by Google Project Zero security researcher Ian Beer in November 2019 who revealed that attackers can take complete control of an iPhone in radio proximity without any user interaction. Apple had fixed the issue with a software update but had admitted that it was powerful enough to corrupt the devices.
Since these zero-click attacks do not require any activity from users, it becomes very difficult to avoid them. You may be aware of phishing attacks, following the best internet practices but can still be targeted with this spyware.

What can Apple do from here now?
The best solution for any spyware attack is to ensure that your smartphone is running on the latest software update. That's why Apple and others keeping rolling out regular security updates. In this case though, even the latest iPhone models have been hacked which builds further pressure on Apple to change its otherwise strict policies and work with other tech companies.
Apple has been criticised for doing a poor job with collaborations and being secretive about its software updates. The incident should concern Apple as a lot of users switch to iPhones for security reasons believing that their activities will not be tracked from there on. The multiple vulnerabilities exposed in the recent times challenge its status as the superior operating system.
Apple holds several bounty programmes to find vulnerability in its software but, the efforts may not be enough given the rise in malicious activities with the increasing penetration of internet in human life.
Apple, though, is highlighting that it is focussing on privacy and security in its products eagerly and earnestly.
The company says that the security team has grown significantly, with growth of about 4x in the last 5 years and that it continues to work with independent security researchers even if it has not made it a focus to broadcast much of that collaboration. As an example, Apple points out to its bug bounty programme which, it claims, offers some of the highest payouts in the industry and has grown total payments over 4x a year since we announced it’s expansion in 2019, with millions of dollars in bounty awards already paid out this year.

Pegasus spyware leak shows Apple needs to ramp up iPhone security big time
 
Pegasus spyware scandal: What did WhatsApp say earlier, what is NSO Group saying

Pegasus Israeli spyware was used to snoop on journalists and activists in India and several other countries. NSO Group earlier said that the spyware was sold only to governments.

Akarsh Verma
New Delhi
July 18, 2021
UPDATED: July 18, 2021 22:46 IST



(Image courtesy: Reuters)

HIGHLIGHTS
  • Earlier WhatsApp had said that the Pegasus scandal showed a "mistakable battery of abuse."
  • WhatsApp filed a case against NSO Group, the creator of Pegasus.
  • NSO Group, based in Israel, claimed that Pegasus was sold only to governments for legitimate use.

Pegasus spyware has been called one of the most sophisticated ever. And now that it is the news again, it is worth looking back and see what WhatsApp and NSO Group earlier said about it.

News about Pegasus spyware developed by Israeli cybersecurity firm NSO created buzz in 2019 when it was revealed that the spyware could target not only Android phones but iOS as well using just a missed WhatsApp call. Even the call record for this missed call could be deleted by the spyware, thus, making it virtually impossible for anyone to know that they had been targeted by it.

Facebook-owned WhatsApp in October 2019 said Indian journalists and human rights activists were among those globally spied upon by unnamed entities using the Israeli spyware Pegasus.

The company also filed a case against NSO Group in the US, alleging that the sale of Pegasus like software was akin to selling cyber weapons. In late 2020, companies like Google and Microsoft joined forces with WhatsApp in the court against NSO Group.

In 2019, WhatsApp quickly closed the security vulnerability that helped Pegasus and launched a six-month-long investigation into 'abuse of its platforms'. The probe for the first time revealed the extent and nature of the surveillance operations that the Herzliya-based NSO Group has enabled.


WhatsApp described the Pegasus operations as "an unmistakable pattern of abuse". The Facebook-owned messaging app further added that "There must be strong legal oversight of cyber weapons like the one used in this attack to ensure they are not used to violate individual rights and freedoms people deserve wherever they live. Human rights groups have documented a disturbing trend that such tools have been used to attack journalists and human rights defenders."

On the other side, NSO Group said that its technology was sold only to carefully vetted customers and used to prevent terrorism and crime. NSO Group said that it respected human rights unequivocally and also conducted a thorough evaluation of the potential for misuse of its products by clients, which includes a review of a country's past human rights record and governance standards. The company further added that it believed the allegations of misuse of its products were based on "erroneous information".

Back in late 2019, when the Pegasus spyware scandal was at its peak, the NSO Group said in a statement: "In the strongest possible terms, we dispute today's allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists."

On Sunday evening, NSO Group in the statement to the Guardian called its report — titled The Pegasus Project — an attempt to discredit NSO Group on false grounds. "NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers' targets," the company noted in its lengthy statement to the British news website.

Pegasus spyware scandal: What did WhatsApp say earlier, what is NSO Group saying
 
Pegasus spying: how Pegasus is installed on phone, what it does, and how to get rid of it
Pegasus spyware, developed by NSO can infect a phone via a website link or a WhatsApp call. Pegasus has been referred to as the most sophisticated smartphone attack ever.


Akarsh Verma
New Delhi
July 18, 2021
UPDATED: July 18, 2021 22:35 IST




(Image courtesy: Reuters)

HIGHLIGHTS
  • Pegasus can be installed on vulnerable phones through a web link or a missed call.
  • The spyware can steal passwords, contacts, text messages, and photos.
  • The only way to avoid Pegasus after it has infected a phone is by getting rid of the phone.

Pegasus, developed by Israeli cybersecurity firm NSO Group, is a highly sophisticated spyware that has been referred to as the "most sophisticated smartphone attack ever". It was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the globe, including in India.

Now it is in news because on Sunday evening a number of news websites, including the Washington Post and the Guardian, claimed that over 10 governments are using this spyware to spy on journalists, activists and other key media personalities. In India, according to the reports, over 40 journalists were under surveillance using Pegasus.

How is Pegasus installed on a phone?
Pegasus was initially used to gain access to a phone through a malicious web link through a message or email. Once a user clicked on the link, Pegasus would be installed on the phone. But then the spyware also gained some new abilities. Researchers found that it could be even installed on the phone with just a missed WhatsApp call.
Moreover, once Pegasus had access to the device, it could delete any call logs, thus making it virtually impossible for the victim to know that their phone was a target by the spyware.

What can Pegasus do?
According to cyber security researchers, following its installation, Pegasus contacts control servers that enables it to relay commands and gather information from the infected device. Stealing passwords, contacts, text messages, and accessing the phone's camera, microphone, and GPS, and other information with voice or video calls made through Whatsapp are well within its capabilities.

According to Citizen Lab of University of Toronto, "This malware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators remotely."
Kaspersky researchers called it a tool for total surveillance. They wrote in 2017: "Pegasus is modular malware. After scanning the target's device, it installs the necessary modules to read the user's messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. Basically, it can spy on every aspect of the target's life."

How to get rid of Pegasus?
Several cybersecurity analysts and experts have pointed out that the only way to get completely rid of Pegasus is to discard the phone that has been affected. According to Citizen Lab, even factory resetting your smartphone will not be useful as it cannot get rid of the spyware completely.


The attackers can continue to access your online accounts even after your device is no longer infected. Thus, the only way to get rid of Pegasus completely is to discard the phone and to ensure that all the apps which you reinstall on your new phone are up to date.
In order to ensure your online accounts are safe, you should also change the passwords of all the cloud-based applications and services that you were using on the infected device.

Should you worry about Pegasus?
Not really. There are two reasons for that. Though you should worry -- and should always do -- about digital privacy.
One, Pegasus is old spyware now. It has been well-researched, and companies like WhatsApp, Apple, Google, Microsoft and others have patched the security loopholes in their software that earlier allowed Pegasus to do its work. Unfortunately, though, this doesn't mean there are no new variants of Pegasus out there. It is possible that new variants of Pegasus or some similar spyware are still potent.
But you should still not worry because Pegasus or something like Pegasus is a targeted surveillance tool. It is expensive to purchase — think millions of dollars and requires sophisticated handling — and hence is likely to be used only by big organisations and governments. At any given point in time, these tools are supposed to be used only against hundreds or thousands of people. Or even fewer. In other words, Pegasus like software is primarily used against journalists, lawyers, top business leaders, politicians, and people who are likely to have access to top-secret information. If you are not one of them, chances are you or your phone will not encounter something like Pegasus.


Pegasus spying: how Pegasus is installed on phone, what it does, and how to get rid of it
 
False, far from reality: Pegasus developer on reports of phone hacking
Israeli cyber arms firm NSO, which developed the spyware Pegasus, has rubbished media reports which alleged that phones of journalists from across the world were hacked into.




Munish Chandra Pandey

New Delhi
July 19, 2021
UPDATED: July 19, 2021 13:20 IST

Pegasus spyware issue


Israeli firm NSO has rubbished the reports of Pegasus being used to spy on some Indians. (Image: Kaspersky)


Israeli cyber arms firm NSO, which developed the spyware Pegasus, has rubbished media reports which alleged that phones of journalists from across the world were hacked into and called the allegations “outrageous and far from reality”.


A conglomerate of news organisations across the world has published reports claiming that the Israeli spyware, Pegasus, was used by several governments across the world to spy on their journalists, politicians and other prominent citizens. Reports have also claimed that Pegasus was used to hack the phones of 300 Indians.

Here is the full statement by NSO Group
The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the “unidentified sources” have supplied information that has no factual basis and are far from reality.
After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims.
In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.

NSO Group has a good reason to believe the claims that are made by the unnamed sources to Forbidden Stories, are based on misleading interpretation of data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers targets of Pegasus or any other NSO products. Such services are openly available to anyone, anywhere, and anytime, and are commonly used by governmental agencies for numerous purposes, as well as by private companies worldwide.

The claims that the data was leaked from our servers, is a complete lie and ridiculous, since such data never existed on any of our servers.
As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi. We can confirm that our technology was not used to listen, monitor, track, or collect information regarding him or his family members mentioned in the inquiry. We previously investigated this claim, which again, is being made without validation.
We would like to emphasize that NSO sells it technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts. NSO does not operate the system and has no visibility to the data.


Our technologies are being used every day to break up pedophilia rings, sex and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones. Simply put, NSO Group is on a life-saving mission, and the company will faithfully execute this mission undeterred, despite any and all continued attempts to discredit it on false grounds.


False, far from reality: Pegasus developer on reports of phone hacking
 
Pegasus and NSO Group software used to commit horrible human rights abuses, says WhatsApp CEO

Will Cathcart, Head of WhatsApp, has criticised NSO's spyware Pegasus, which has been claimed to be used by several governments to track over 50,000 numbers, in the latest leak, that are associated with journalists, human rights activists, and lawyers.


Ketan Pratap

Ketan Pratap
New Delhi
July 19, 2021
UPDATED: July 19, 2021 10:24 IST

A WhatsApp advertisement is seen on the front pages of newspapers (Image: Reuters)


A WhatsApp advertisement is seen on the front pages of newspapers (Image: Reuters)

HIGHLIGHTS
  • Pegasus is back in the news again and has been claimed to be used by several governments.
  • The spyware is said to infect Android and iPhones to allow extraction of multimedia, record calls, and extract messages from targeted groups.
  • The latest leak reveals over 50,000 phone numbers that are being said to be tracked since 2016.

The news about NSO's hacking spyware, Pegasus, has again kicked off the debate around tracking individuals, including journalists, lawyers, and human rights activists in various countries. In addition, the latest report from the Guardian and some other media publications hint at the abuse of this powerful tool that can be done to infect iPhones, which Apple keeps saying is the safest mobile device on the planet and Android.

Will Cathcart, Head of WhatsApp, has come down heavily on the news and said that the "NSO's dangerous spyware is used to commit horrible human rights abuses all around the world, and it must be stopped."
Pegasus is among highly rated spyware or modular malware, as Kaspersky described in 2017, that have been reported in recent times. It is a tool that's not limited to any device or software application. It can be installed by sending a malicious link to a target device, and it is seamless enough to be identified by the person using the targeted device.
In a series of tweets, Cathcart has put forward some points and defended how WhatsApp in 2019 fought back against the tool from NSO. "In 2019, WhatsApp discovered and defeated an attack from NSO. They rely on unknown vulnerabilities in mobile OSes, which is one of the reasons why we felt it was so important to raise awareness of what we'd found," he tweeted.

He added that in 2019, WhatsApp worked with CitizenLab, which identified over 100 cases of abusive targeting of human rights defenders and journalists in more than 20 countries. "But today's reporting shows that the true scale of abuse is even larger, and with terrifying national security implications," Cathcart adds.






He suggested that companies and governments, especially, hold NSO Group accountable for this unwanted tracking. "Once again, we urge a global moratorium on the use of unaccountable surveillance technology now. It's past time," he added.

Cathcart claimed that this should be seen as a wake-up call for security on the Internet as smartphones are the primary device for many people. Governments and companies should do everything to secure it as much as possible. "Our security and freedom depend on it," he added.
"That's why we continue to defend end-to-end encryption so tirelessly. To those who have proposed weakening end-to-end encryption: deliberately weakening security will have terrifying consequences for us all," Cathcart said.
Cathcart also has lauded the efforts of Microsoft, Google, Cisco, VMWare, and more, who have spoken against the use of spyware tools by groups like NSO.

In the latest episode of Pegasus data leak, a list of over 50,000 phone numbers believed to be of interest to government clients of NSO Groups since 2016 has surfaced. The Guardian, in a report, claims that the analysis of the leaked data shows "at least 10 governments" to be NSO clients, including India.
However, the Indian government has outright denied these allegations. In response to the Guardian, the government said, "The commitment to free speech as a fundamental right is the cornerstone of India's democratic system. We have always strived to attain an informed citizenry with an emphasis on a culture of open dialogue."
The government of India also claims that the story has been crafted in such a way that the conclusions are skewed. "However, the questionnaire sent to the government of India indicates that the story being crafted is one that is not only bereft of facts but also founded in pre-conceived conclusions. It seems you are trying to play the role of an investigator, prosecutor as well as jury," the government said in response to the Guardian around the latest NSO leak.

Pegasus and NSO Group software used to commit horrible human rights abuses, says WhatsApp CEO
 
Apple condemns Pegasus spyware attack, says it is working on added protection
Apple has also noted that such attacks do not affect an overwhelming number of users and has said that the company is now working on added protections.


India Today Tech New Delhi
July 20, 2021
UPDATED: July 20, 2021 14:50 IST



(Picture : Reuters)

HIGHLIGHTS
  • According to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software.
  • Apple called such attacks “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
  • The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software.

Apple, the tech giant which emphasises user privacy, was a victim of Pegasus spyware attack that snooped on journalists, activists and some government officials. In fact, according to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. The Cupertino giant has now released a statement condemning the attack. It has also noted that such attacks do not affect an overwhelming number of users and has noted that the company is now working on added protections.



Apple’s Head of Security Engineering and Architecture, Ivan Krsti, in a statement said, "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” the Apple spokesperson added.

A report by Amnesty International, a global organisation which is dedicated to fighting the abuse of human rights noted that the spyware can work on any smartphone, and discovered that it was still using the iMessage exploit that was previously thought to have been fixed.

This exploit was discovered by Citizen Labs previously. Zero click attacks do not require input from the user to trigger, are virtually undetectable, and run in the background. Apple had introduced a Blastdoor framework in iOS 14 to make zero clock attacks difficult but it does not seem to be working as intended as researcher Bill Marczac.

“AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 devices hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones,” Marczac wrote on Twitter. “It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving,” he added.


Apple condemns Pegasus spyware attack, says it is working on added protection
 
Top