Q) Pegasus has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks which do not require any action from the phone’s user.Discuss.

Why this Question?

Important part of GS Paper-III.

Key demand of the Question 

Examine the need for data privacy in India.


Discuss – This is an all-encompassing directive – you have to debate on paper by going through the details of the issues concerned by examining each one of them. You have to give reasons for both for and against arguments.


Start with an introduction about the recent Pegasus crisis.


Categorically discuss the problems related to spyware attacks.

In the next part, suggest some adequate solutions to these problems.


Conclude with a way forward.

Model Answer

Pegasus is a type of malware. Malware or Malicious software is a kind of software that can harm the user. It is often installed in devices without the knowledge or consent of the user. It collects information about the victim without their knowledge. They are used for surveillance and monitoring.

Pegasus Spyware

  • Pegasus is spyware created by the NSO Group which is an Israeli cyber arms firm. It can be installed on cell phones secretly without the knowledge of the user. 
  • Devices including those with operating systems iOS and Android are susceptible to Pegasus.
  • The Israeli company claims that the spyware is sold only to governments and official agencies. But this statement is unproven. 
  • Israel considers Pegasus as a cyberweapon. According to Israel, its exports are controlled.
  • The NSO Group is the developer of Pegasus spyware
  • Presently they are engaged in improving the spyware to make it difficult to detect.
  • The previous version of Pegasus accessed phones primarily through ‘spear phishing’. But now its capabilities have expanded. 
  • Now it does not require any interaction on the part of the phone user. This is even more dangerous.

Capabilities of Pegasus: 

  • Copying messages & media content 
  • Record calls 
  • Secretly access and record videos through the phone’s camera. 
  • Activate the microphone to record conversations. 
  • Access location & location history. 
  • It can harvest almost any information or extract any file. 

A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error. So all awareness about how to avoid a phishing attack or which links not to click are pointless if the target is the system itself. Most of these attacks exploit software which receive data even before it can determine whether what is coming in is trustworthy or not, like an email client.