Sweeping Pegasus Spyware is Expensive: Indian Cyber Investigator Urges Apple, Google to Take Action
13:13 GMT 22.07.2021 (Updated: 14:42 GMT 25.10.2022)
Subscribe
On 18 July, an explosive Forensic Methodology Report by UK-based human rights group Amnesty International claimed that Israeli spyware Pegasus was possibly snooping on more than 50,000 influential people globally. Around 300 of them were Indian journalists, activists, politicians and scientists among others.
The spyware system Pegasus has been classed as a highly sophisticated, military-grade snooping mechanism which, if embedded in a phone or laptop, could extract messages, contacts, locations and phone-call recordings to transmit to whichever cyber attacker has hacked into your system.
Speaking to Sputnik, cybercrime investigator, Ritesh Bhatia, said Apple and Google need to take immediate action to resist Pegasus becoming embedded on iOS and Android operation systems (OS).
The Mumbai-based expert said that getting rid of Pegasus would be very expensive and tedious for hacked individuals otherwise.
"Now that people are becoming aware of Pegasus' presence on their devices, it's natural for them to want to get rid of the system obviously. They must, however, know that the process would require them to rely on cybersecurity professionals and forensics experts to counter-code the spy system from their devices which will cost them loads of money," Bhatia said.
"For more paranoid people, they could replace their phone or laptop with new devices, which again is expensive," the founder of the cybersecurity firm V4WEB added.
After the big exposé of a cyberattack, Amnesty International released a Mobile Verification Toolkit (MVT) so that users could check whether their devices had been violated by this spyware.
The toolkit, however, is advanced and requires technical knowledge beyond the understanding of most people. The cheaper and easier way to get out of the snoop-grid, according to the cyber expert, would be for Apple and Google to release quick advanced security patches to counter this massive breach on their respective operating systems.
"People spend hundreds and thousands of dollars on buying iPhones and Android phones. It is not entirely their fault that they fell prey to this spy attack. Tech geniuses are sitting in the offices of Apple and Google - it is their job to fix issues in their systems".
"For these tech giants, it should be a matter of grave concern that despite their flaunting their robust security technologies, tens of thousands of users are being subjected to unlawful surveillance," the investigator said.
"I also urge everybody please to download whatever next official updates they get for their devices to get rid of Pegasus without having to shell out any cash," he added.
Although Apple said spyware such as Pegasus is "highly sophisticated, costs millions of dollars to develop and has a short shelf life", it did not reveal what its next steps are to help users who have been hacked.
"These days most apps ask for permission to gain access to the microphones, locations, messages and galleries of your devices. Think before granting permission. Use limited apps and delete the ones that you no longer use. Also, only download apps from Apple Store or PlayStore," Bhatia told Sputnik.
Third-party apps - especially those beauty-enhancing applications - can always trap users in cyber problems. "Before exposing the children and elderly around you to particular platforms, make them aware of the risks such as fake news and OTP frauds that may come with the platforms," the 45-year-old researcher noted.
Detecting Pegasus or other sophisticated spywares on devices is often difficult because these systems latch themselves via codes fed on malware which cannot be detected by regular people. Once clicked, these malware links slyly attach spying systems onto the devices without alerting the users at all.
He cautioned users to be alert to whether one's mobile phone is heating up for no apparent reason, the data pack is getting used up faster or the battery is draining quickly.
"The working of spyware consumes the energy and internet availability on infected devices. There are some basic hints that suggest that your phones are infected with spywares," Bhatia noted.
The controversy around Pegasus is gaining momentum in India, as the opposition leaders have accused Prime Minister Narendra Modi's government of spying on people who raise their voice against the authorities.
We know what he’s been reading- everything on your phone!#Pegasus https://t.co/d6spyji5NA
— Rahul Gandhi (@RahulGandhi) July 19, 2021
The government has denied the accusations during the ongoing Monsoon Session of parliament.
This statement is floating around as the 'government response' to the hack-attack on aindian biggies by 'Israeli spyware pegasus' .
— Radhika Parashar (@_RadhikaReports) July 18, 2021
It remains unclear, which ministry or minister is this coming from.
No signatures..no letter head.. nothing @GoI_MeitY @AshwiniVaishnaw pic.twitter.com/08qn1uNN3E
Bhatia has joined other Indian cybersecurity experts Sputnik has interviewed in the past in urging the Indian government to take active measures and build a strong web-security network as soon as possible.
He said that as of now, India is not entirely ready to safeguard its citizens against such attacks. "The Pegasus scandal exposes the dark side of pushing Indians into the cyberspace with accelerating online payments, communications and more".
"Indians need to be aware of the risks of going deeper into the layers of internet so that they can make informed decisions regarding which phones and apps to buy and use".
"It is the need of the hour. Cyber warfare is only going to increase in the future and nobody as of now, is safe," the web investigator added.
In March, India's Computer Emergency Response Team (CERT) reported to parliament that in 2018, 2019 and 2020, the number of central ministry, department and state government websites to have been hacked totalled respectively 110, 54, and 59. CERT also said that more than 26,100 Indian websites were breached in 2020.