Blame Apple and Google for the Pegasus phone hacks, say Telegram and WhatsApp chiefs
The creators of two of the most prominent messaging apps - Telegram and WhatsApp - have both independently commented that NSO Group's Pegasus phone hacking software is a real and present danger to all of us, as both have have had a nasty experience with such phone surveillance software.
This is actually almost verbatim what the WhatsApp CEO has been requesting in his open letter to governments since the Pegasus attack on its users in 2019. Needless to say, nobody does anything until they are personally affected by the spyware, says Durov:
WhatsApp, which was bought by Facebook and its founders quickly dismissed over arguments for the chat service's future, is now headed by Will Cathcart, a former spam warrior over at Gmail who has been very eloquent on phone privacy threats like Pegasus for a while.
That's partially because of a painful experience with the spyware. Just this past October, WhatsApp filed a lawsuit against NSO Group, the Israeli spyware firm behind Pegasus that managed to hack the accounts of at least 1400 prominent WhatsApp users in 2019 despite the end-to-end encryption of the chat app.
"The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then," says Mr Cathcart for The Guardian, and calls on Apple, whose iPhones turned vulnerable to the Pegasus hack as well, to wake up to the threats and speak out like Microsoft recently did:
I hope that Apple will start taking that approach too. Be loud, join in. It’s not enough to say, most of our users don’t need to worry about this. It’s not enough to say 'oh this is only thousands or tens of thousands of victims.'
If this is affecting journalists all around the world, this is affecting human rights defenders all around the world, that affects us all. And if anyone’s phone is not secured that means everyone’s phone is not secure.
On that same note, there is now a tool to check if your iPhone has been hacked by the Pegasus spyware for one reason or another. It's not very straightforward, though, and when Apple plugs the vulnerability that allowed the zero-click Pegasus installation, there might be another one opened.
An Apple-Google duopoly is to blame about phones with Pegasus spyware
In fact, the founder of Telegram claims that Google and Apple may be purposefully nonchalant about these exploits, as they are requested by their government's security agencies but just masked as innocent vulnerabilities when their use becomes notorious like with the current Pegasus scandal.
These tools can hack any iOS and Android phone, and there is no way to protect your device from it. It doesn't matter which apps you use, because the system is breached on a deeper level.
According to the Snowden revelations from 2013, both Apple and Google are part of the global surveillance program that implies that these companies have to, among other things, implement backdoors into their mobile operating systems. These backdoors, usually disguised as security bugs, allow US agencies to access information on any smartphone in the world.
According to the Snowden revelations from 2013, both Apple and Google are part of the global surveillance program that implies that these companies have to, among other things, implement backdoors into their mobile operating systems. These backdoors, usually disguised as security bugs, allow US agencies to access information on any smartphone in the world.
According to Mr Durov, the NSO Group's defense that it only sells software like Pegasus to governments and their vetted security agencies, doesn't hold water in the end as "anybody can exploit them."
That's precisely what happened with Pegasus, whose ingenious software made its way not only onto phones of criminals and terrorists but rather also prominent opposition leaders, investigative journalists, human right advocates, and even heads of state like prime ministers, presidents, and a king.
Telegram's founder should know, as he has been resisting the advances of Russia's notorious security agencies to implement a backdoor in Telegram so that they can snoop on opponents. The encrypted chat app's immense popularity at its home turf, however, and some hide-and-seek games with the Russian regulatory authorities, managed to make the Telegram ban in Russia a ban in name only, until they finally gave up on the backdoor request, at least officially.
Mr Durov wasn't so lucky when it comes to the Israeli software, though, as he suggests he has known one of his numbers to be compromised by a Pegasus-like software since 2018, yet he's not very worried as there's no "important information" to find. Moreover, while living in Russia he assumed all of his phones are compromised in one way or another. He, however, is worried that:
These surveillance tools are also used against people far more prominent than me... The existence of backdoors in crucial infrastructure and software creates a huge challenge for humanity. That's why I have been calling upon the governments of the world to start acting against the Apple-Google duopoly in the smartphone market and to force them to open their closed ecosystems and allow for more competition.
This is actually almost verbatim what the WhatsApp CEO has been requesting in his open letter to governments since the Pegasus attack on its users in 2019. Needless to say, nobody does anything until they are personally affected by the spyware, says Durov:
So far, even though the current market monopolization increases costs and violates privacy and freedom of speech of billions, government officials have been very slow to act. I hope the news that they themselves have been targeted by these surveillance tools will prompt politicians to change their minds.
Will the Pegasus debacle move the phone privacy and security needle in the right direction? Apple already issued a statement that lamented the unauthorized spyware usage, saying that:
Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.
Mr Durov, however, remains sceptical about Apple's current approach that claims top-shelf security and privacy while its handsets keep being compromised in one way or another. Back in 2019 he commented on one NYT article about Chinese government access to iPhone user data there with the following:
The worst part of Apple’s tech though is not clunkier devices or outdated hardware. Owning an iPhone makes you a digital slave of Apple – you are only allowed to use apps that Apple lets you install via their App Store, and you can only use Apple’s iCloud to natively back up your data.
It’s no wonder that Apple’s totalitarian approach is so appreciated by the Communist Party of China, which – thanks to Apple – now has complete control over the apps and data of all its citizens who rely on iPhones.
It’s no wonder that Apple’s totalitarian approach is so appreciated by the Communist Party of China, which – thanks to Apple – now has complete control over the apps and data of all its citizens who rely on iPhones.
Apple's "limited in scope" statement about the iPhones hacked with Pegasus spyware, however, is precisely what the WhatsApp and Telegram bosses warn against - complacency - so we'll see where that road takes its users who have mostly bought into "the iPhone is the most secure phone" mantra hook, line, and sinker.
Things that are NOT allowed: