NSO’s Pegasus is used to “commit horrible human rights abuses” globally and “it must be stopped”, WhatsApp Head Will Cathcart said on Twitter, responding to the investigation carried out by a global media consortium that revealed that the spyware is being used to spy on activists and journalists. India is found to be among more than 50 countries where the spyware is believed to be used as a cyber-surveillance weapon. In 2019, WhatsApp had sued Israel’s NSO Group for exploiting a vulnerability in its app to allow its Pegasus malware to gain access to user devices.
Cathcart urged in a long thread on Twitter that human rights defenders, tech companies, and governments must work collaboratively to increase user security and hold the entities abusing the Pegasus spyware accountable.
“This is a wake up call for security on the Internet,” he said. “The mobile is the primary computer for billions of people. Governments and companies must do everything they can to make it as secure as possible.”
In 2019, @WhatsApp discovered and defeated an attack from NSO. They rely on unknown vulnerabilities in mobile OSes, which is one of the reasons why we felt it was so important to raise awareness of what we’d found. https://t.co/iSMuwLrKpJ
— Will Cathcart (@wcathcart) July 18, 2021
Pegasus first came into the limelight for snooping on activists, advocates, journalists, and senior government officials in 20 countries including India in May 2019. It exploited a known vulnerability, which WhatsApp fixed before it became public, to infiltrate Android and iOS devices of the targets.
Months after spying cases were reported, WhatsApp filed a lawsuit against NSO Group — the makers of Pegasus. The Facebook-owned company also worked with the Internet watchdog Citizen Lab to identify more than 100 cases of abusive targeting of activists and journalists in over 20 countries.
Cathcart noted that the latest revelation showed that the true scale of abuse is even higher.
“We need more companies, and critically, governments, to take steps to hold NSO Group accountable,” he stated. “Once again, we urge a global moratorium on the use of unaccountable surveillance technology now.”
The new investigation, which was based on a massive data leak and was carried out by 16 media organisations including India’s The Wire and global outlets such as The Washington Post and The Guardian, revealed that Pegasus was used to keep an eye on over a thousand activists, journalists, business executives, government officials, and politicians, among others.
As per security researchers, the spyware can be installed on a phone by exploiting a common vulnerability and, once installed, it can transmit data such as SMS messages, emails, and even chats from apps including WhatsApp to the attacker. It can also provide GPS data to let the attacker understand location details of their targets.
NSO Group insists that it has designed Pegasus only for spying on criminals and terrorists. However, the fresh investigation by media organisations and what was found in 2019 show that the spyware has continued to be abused to target intellectuals with no criminal background.