(This story was first published on 31 October 2019 and has been republished from The Quint's archives after publication of reports under the 'Pegasus Project', revealing how journalists, political leaders, activists and others may have been spied upon by the Israeli-made spyware Pegasus.)
WhatsApp might tout itself as a secure messaging platform, but even that hasn't saved it from being affected by spyware called Pegasus.
Pegasus, which has been developed by an Israel-based technology firm known as NSO Group, allows the hacker access to the phone's camera, microphone, files, photos, and even encrypted messages and emails. Basically, the entire phone. And remember that it affects both Android and iOS devices.
How does it affect the phone?
Well, the hacker just needs to WhatsApp call the phone he wants to infect. The receiver doesn't even need to answer the call, and the phone still gets infected. You can also send Pegasus via email and text messages.
WhatsApp has sued the NSO Group alleging that it is at fault for this mishap. It also has a list of all the users that have been affected by Pegasus. Now WhatsApp and a digital security firm Citizen Lab are sending alert messages to people who have been affected, but we still don't know the exact number of affected users.
Many users posted those messages on social media which is currently the only visible way to know who has the Pegasus spyware on their phone.
Apart from that, there is no other way to be sure as the spyware doesn’t account for any unusual activity or software lags on the phone.
Pegasus just sits inside the device and quietly keeps feeding information to the hacker. What's worse is that there is no way to get rid of this spyware apart from discarding the phone. Even a factory reset doesn't kill it.
So, the people who have been affected should just discard the phone and when they buy a new phone they should install all the updated versions of apps. You should also change all the passwords of cloud-based websites you log in to as Pegasus gains access to all the passwords you had on the old phone.
This is the only way to be sure you're safe.