Hold NSO accountable, says WhatsApp chief


More companies and, critically, governments need to take steps to hold the Israeli surveillance firm NSO Group accountable, Will Cathcart, the head of instant messaging platform WhatsApp, said.

This follows news reports that authorities across the world, including in India, had allegedly been using NSO's hacking software – Pegasus – to target several people, including lawyers, human rights activists and journalists.

India on Sunday denied that it had used the spyware for unauthorized surveillance, saying official agencies have a well-established protocol for interception that includes supervision and sanction only in the interest of national security.

“We urge a global moratorium on the use of unaccountable surveillance technology now. It’s past time,” Cathcart said in a series of tweets following the news reports.

The Facebook-owned company discovered and thwarted an attack from NSO in 2019, he added.

“They rely on unknown vulnerabilities in mobile OSes (Operating Systems), which is one of the reasons why we felt it was so important to raise awareness of what we had found,” Cathcart said.

Such hacking attempts were the reason why the social media company continues to “tirelessly” defend its end-to-end encryption feature, he said.

“To those who have proposed weakening end-to-end encryption: deliberately weakening security will have terrifying consequences for us all…This is a wake-up call for security on the internet,” he said.

The mobile phone is the primary computer for billions of people, and governments and companies must do everything they can to make it as secure as possible. “Our security and freedom depend on it,” Cathcart said.


Separately, WhatsApp told ET that the latest hacking targeted the phone’s operating system, and had nothing to do with security issues linked to the messaging app.

“NSO attacks take advantage of security vulnerabilities in the operating systems that power our mobile phones,” a WhatsApp spokesperson said in a statement. “We have consistently spoken out against our concerns about spyware companies.”

Once a phone is infected with Pegasus, clients of NSO can take control, enabling them to extract a person’s messages, calls and emails as well as the content of encrypted messaging apps such as WhatsApp, Telegram and Signal, The Guardian said in a report on Sunday, quoting Claudio Guarnieri, a security researcher who runs Amnesty International’s Security Lab.

Amnesty International and Paris-based nonprofit media organisation, Forbidden Stories, initially accessed the leaked list of over 50,000 numbers and shared that with the British news portal as well as 16 other media houses, including The Washington Post and The Wire.

India-based portal The Wire reported on Sunday that the leaked database included over 300 verified mobile telephone numbers in the country, including those of ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, and rights activists.

Telegram, a rival encrypted messaging app, said on Monday that it welcomes security experts to audit its system and appreciates their feedback and that it has had no major data leaks or security flaws in the eight years since inception.

“We are based on the MTProto (mobile) protocol built upon time-tested algorithms to make security compatible with high-speed delivery and reliability even on weak connections,” the company said. “We are continuously working with the community to improve the security of our protocol and clients.”


Mobile devices are the ones that become vulnerable to a Pegasus attack, said Sivarama Krishnan, cyber security leader for Asia Pacific at PwC.

“Once the agent is installed on your phone, it becomes an application in itself. People with multi-channel public dealings are more vulnerable…the question is, is there a governance mechanism to minimize or eliminate the misuse? You can’t eliminate the use because you do need surveillance for legitimate purposes such as terrorism and national security.”


