The Pegasus spyware controversy, non-profit Amnesty International’s Security Lab confirmed the presence of the notorious Pegasus spyware on the devices of several Indian journalists. This revelation comes after Apple issued alerts to the targeted individuals, notifying them of being under “state-sponsored hacking.” The journalists voluntarily submitted their phones to Amnesty for testing, leading to the alarming discovery.
Pegasus spyware, developed by the NSO Group, is known for its sophisticated capabilities, enabling attackers to extract comprehensive smartphone contents. These capabilities, often referred to as ‘zero day exploits,’ exploit software vulnerabilities unknown to the general public, even on fully updated devices. Privacy activists argue that such technology constitutes an unconstitutional form of surveillance, infringing on individuals’ right to privacy.
The Forbidden Stories collective had previously reported on a leak of Pegasus spyware’s global targets, revealing that dozens of Opposition leaders, journalists, and activists were targeted until 2021. The recent findings by Amnesty International further raise concerns about the continuous use of Pegasus for surveillance purposes.
The recovered samples analyzed by Amnesty International’s Security Lab were consistent with the NSO Group’s BLASTPASS exploit, a vulnerability publicly identified by Citizen Lab in September 2021. Apple subsequently patched this exploit in iOS 16.6.1 (CVE-2023-41064), highlighting the ongoing cat-and-mouse game between spyware developers and tech companies working to protect user privacy.
Notably, the Union government has not categorically denied buying or using Pegasus spyware, adding a layer of complexity to the situation. The government’s refusal to cooperate in a Supreme Court-ordered investigation into the 2021 Pegasus revelations raises questions about transparency and accountability.
Government officials reportedly pressured Apple to provide alternative explanations for the security alerts issued in October. Misleading statements were made, including claims that similar messages had been sent to 150 countries, a statement later debunked as no other countries reported receiving such warnings.
The Pegasus controversy deepens with each revelation, casting a shadow over the Indian government’s commitment to protecting individuals’ privacy and human rights. The reported search for Pegasus alternatives after global scrutiny indicates a recognition of the controversial nature of the spyware. However, the revelation of ongoing Pegasus use raises concerns about the effectiveness of these alternative measures and the need for robust safeguards against unlawful surveillance.
As the Union government faces scrutiny and calls for accountability, the Pegasus controversy underscores the importance of striking a balance between national security concerns and protecting citizens’ fundamental rights in the digital age.