WhatsApp Chief Will Cathcart stated that the findings of a recent study into NSO Group‘s Pegasus spyware are consistent with what the app knew about a user assault in 2019. Cathcart also questioned NSO’s allegation that a list of tens of thousands of phone numbers is an exaggeration, pointing out that the WhatsApp attack targeted 1,400 people over a two-week period.
In an interview, Cathcart indicated that the 2019 attack targeted senior government leaders around the world, particularly national security officials who are “allies of the US.” In 2019, WhatsApp and Facebook, the app’s parent corporation, sued NSO over the hacking of over a thousand of its users.
Attorneys, journalists, human rights activists, political dissidents, and diplomats, according to the lawsuit, were among those targeted.
A phone infected with the Pegasus malware can reveal uncomfortably intimate details about a victim’s life. It allows clients to collect location information, phone logs, and contacts. The camera and microphone on the phone can potentially be used to spy on the victim.
Pegasus is alarmingly simple to install and infects phones by fooling users into clicking a link or activating itself without any user interaction.
Cathcart said the research’s reporting was “very consistent” with what WhatsApp denounced in 2019. The inquiry was carried out by a collaboration of 17 news media. Many of the targets of the WhatsApp attack, he continued, “had no business being under surveillance in any way, shape, or form.”
“This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone,” Cathcart said.
Furthermore, the WhatsApp CEO questioned the NSO’s response to the probe. Many of the claims in the research have been labeled as “uncorroborated theories” by an Israeli security organization.
It has dismissed one of the key pieces of evidence, a leaked list of more than 50,000 phone numbers thought to indicate people of interest for NSO clients, as an exaggeration, and denied the list has any connection to NSO or its clients.
Cathcart, on the other hand, pointed out that the WhatsApp hack targeted 1,400 people over the course of two weeks.
“That tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high. That’s why we felt it was so important to raise the concern around this,” he said, according to the outlet.
Cathcart also called for greater accountability for spyware developers, emphasizing that NSO’s government clients fund its operations. According to NSO, its customers include 60 intelligence, military, and law enforcement agencies from 40 countries. It claims that its clients, whom it does not name due to confidentiality concerns, are only permitted to use Pegasus to prevent and investigate crime and counterterrorism.
In response to Cathcart’s remarks, an NSO spokesperson said that the company’s goal was to make the world a safer place.
“We are doing our best to help creating a safer world,” the spokesperson replied. “Does Mr. Cathcart have other alternatives that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of pedophiles, terrorists and criminals using end-to-end encryption platforms? If so, we would be happy to hear.”