Context:
The Supreme Court, during a hearing on April 30, 2025, questioned objections to the use of Pegasus spyware by the Indian government, asking whether its deployment against anti-national elements could be considered unlawful if done for national security purposes.
What is Pegasus?
Pegasus is a powerful spyware developed by NSO Group, an Israeli cyber-arms company. It can covertly and remotely infect mobile devices (iOS and Android) without the user’s knowledge.
- Capabilities:
- Read text messages and emails
- Monitor calls and chats
- Access passwords, microphones, and cameras
- Track GPS locations
- Extract data from apps
- Name Origin: Derived from Pegasus, the winged horse in Greek mythology.
Purpose vs. Misuse
- Marketed for fighting crime and terrorism
- However, investigations show usage by governments to surveil:
- Journalists
- Lawyers
- Political dissidents
- Human rights defenders
Installation Method
- As of March 2023, Pegasus could infect iPhones (up to iOS 16.0.3) using zero-click exploits, requiring no user interaction.
- Earlier versions used malicious links to jailbreak devices via zero-day vulnerabilities.
Discovery and Technical Exposure
- First Identified: August 2016
- Ahmed Mansoor, a UAE human rights activist, received a suspicious link. He forwarded it to Citizen Lab, which collaborated with Lookout Security to analyze it.
- The link exploited three unknown vulnerabilities to install Pegasus, revealing:
- NSO Group’s direct involvement
- Broad data extraction capabilities
- Exploitation dating back to iOS 7 (2013)
