WhatsApp is suing Israeli spyware developer NSO Group for exploiting a since-fixed vulnerability in WhatsApp that allowed attackers to plant spyware on users’ phones just by ringing their target’s device.
WhatsApp filed a lawsuit in the Northern District of California on 29 October, and Will Cathcart, the head of WhatsApp, announced the suit on 30 October in a Washington Post op-ed.
In May 2019, the Financial Times reported a vulnerability in WhatsApp that allowed attackers to inject spyware onto targeted users’ phones through WhatsApp calls. The malicious code could be transmitted even if the users did not answer the calls. The malicious code was developed by NSO.
Yes, WhatsApp raced to fix it, and an update patching the vulnerability was released soon.
NSO is an Israeli private spyware company known for developing the spyware product Pegasus, which was used to exploit WhatsApp’s vulnerability. As per the University of Toronto-based Citizen Lab, despite its claims that it sells spyware only to government clients, NSO’s technology has increasingly been used to target members of civil society.
It was incorporated in Israel in 2010 and had a marketing and sales arm in the US, WestBridge Technologies, Inc., as per WhatsApp’s lawsuit. Between 2014 and 2019, a San Francisco-based private equity firm acquired a controlling stake in the NSO Group. Now, however, it has been reacquired by its founders and management, and Q Cyber is listed as the only active director of the Group and its majority shareholder.
As per WhatsApp’s lawsuit, Pegasus and its variants can be “remotely installed and enable the remote access and control of information” on Android, iOS and Blackberry mobile phones. To enable its remote installation, NSO abused vulnerabilities in operating systems and apps, and used malware delivery methods such as spearphishing messages with links to malicious code.
NSO marketed Pegasus’s undetectable remote installation feature to its clients, as per the WhatsApp submission. Pegasus could:
As per Cathcart’s op-ed, the servers and Internet-host services used by attackers have previously been associated with NSO. Also, some of the WhatsApp accounts used by attackers have links to NSO.
No, according to WhatsApp’s submission. End-to-end encryption works on data in transit, that is, when a message is sent and received. Once a message is received at a device and decrypted, it turns into data at rest. It is this decrypted data that Pegasus snooped on. While end-to-end encryption remained safe, compromised devices meant that NSO could spy on all the messages that were sent.
WhatsApp said that about 1,400 users were affected by this attack, and WhatsApp has written to them. Citizen Lab helped WhatsApp understand the impact of this attack on civil society. As per the Citizen Lab’s report, over 100 human rights defenders and journalists in at least 20 countries were targeted. It is unclear if there were any Indians affected by the attack. MediaNama has reached out to the Citizen Lab for clarification.
According to the company,
(This article first appeared in MediaNama and has been republished with permission.)