Syllabus: GS-III.
Subject: Security
Topic: Basics of cyber security
Context: The founder editor of the wire news website Siddharth Varadarajan and another journalist in India were targeted with Pegasus.
Synopsis:
- Pegasus, developed by NSO Group, is an invasive spyware infiltrating phones through exploit links, granting complete access.
- NSO Group claims to sell exclusively to governments; the Indian government has not denied using Pegasus.
- The spyware employs BLASTPAST, a zero-day exploit, exploiting unknown vulnerabilities without available patches.
- Citizen’s Lab findings reveal Pegasus utilizes a chain of zero-day exploits, penetrating phone security without user consent.
- In response, the Supreme Court appoints a technical committee to investigate allegations of Pegasus use in India.
Conclusion: However, Union Minister of State for Electronics and IT Rajeev Chandrasekhar denied the findings and termed it as “half facts, fully embellished”.
Concept: A “zero-day exploit” is a completely unknown vulnerability, about which even the software manufacturer is not aware, and there is, thus, no patch or fix available for it.
- The specific exploit allegedly in use on the two devices is called BLASTPAST
