From UPSC perspective, the following things are important :
Prelims level : Pegasus
Mains level : Whatsapp snooping
Telephone numbers of some noted Indian journalists were successfully snooped upon by an unidentified agency using Pegasus software.
- All spyware do what the name suggests — they spy on people through their phones.
- Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone.
- A presumably newer version of the malware does not even require a target user to click a link.
- Once Pegasus is installed, the attacker has complete access to the target user’s phone.
- The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone 6.
What is the new threat?
- Pegasus has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks which do not require any action from the phone’s user.
- This had made what was without a doubt the most powerful spyware out there, more potent and almost impossible to detect or stop.
How do zero-click attacks work?
- A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error.
- Zero-click attacks are hard to detect given their nature and hence even harder to prevent.
- Detection becomes even harder in encrypted environments where there is no visibility on the data packets being sent or received.
- Most of these attacks exploit software that receive data even before it can determine whether what is coming in is trustworthy or not, like an email client.
Answer this PYQ from CSP 2018:
Q.The terms ‘WannaCry, Petya, Eternal Blue’ sometimes mentioned news recently are related to
(b) Crypto currency
(c) Cyber attacks
(d) Mini satellites