NSO Group reportedly directly contributed to a series of "infected" calls that targeted human rights activists and journalists by exploiting a loophole in the app, denounces the WhatsApp executive.
WhatsApp, one of the world's most popular email applications, owned by Facebook since 2014, announced Tuesday (October 29th) that it has filed a lawsuit against NSO Group, an Israeli spyware company. WhatsApp accuses him of contributing to the hacking, for espionage, of a hundred WhatsApp users, including journalists and human rights activists.
Last May, WhatsApp announced that a critical security vulnerability could have been exploited by spyware. The latter could be installed without the knowledge of the user of the application through a voice call infected by a pirate: the spyware was installed even if the user did not pick up. Once installed, this software made it possible to collect the geolocation of its target, to read its messages and e-mails, and to trigger without knowing the microphone and the camera of its telephone.
WhatsApp had announced that it had fixed this fault on May 13th. The Financial Times and the New York Times At the time, they wrote that it had been exploited to install the Pegasus spyware provided by NSO Group on the smartphone of a human rights lawyer.
100 targeted people, 1,400 infected devices
"After months of investigation, we can say who led this attack", announces Will Cathcart, the boss of WhatsApp, in a column published Tuesday in the American newspaper Washington Post. He directly accuses the NSO of being in contact with hackers who made infected calls on WhatsApp, in order to spy on people receiving fake phone calls.
They targeted, before May 2019, "100 human rights defenders, journalists and other members of civil society around the world"says Cathcart. A total of 1,400 devices were infected between April 29 and May 10 in various countries, including the Kingdom of Bahrain, the United Arab Emirates and Mexico, based on the complaint filed by WhatsApp in federal court, read in full on the Washington Post.
These targets are, according to Will Catchcart, an indicator of the involvement of the Israeli company NSO Group, known for providing its spyware to many countries in the world, including regimes that are not democratic. Last May, in a statement to the BBC, NSO Group denied being directly involved in "Operations, or target targeting" made possible by its "Technologies". According to the company, based in Herzliya, north of Tel Aviv, its spyware is 'Marketed through licenses to governments for the sole purpose of combating crime and terrorism'.
A denial that questions, now, the direction of WhatsApp. "We discovered that the attackers had used servers and Internet hosts whose links with NSO have already been established in the past", says Will Cathcart in the Washington Post, about hacking by "infected calls". "We were able to link some WhatsApp accounts used during this malicious operation to NSO. Their attack was ultra-sophisticated, but they did not entirely succeed in erasing their tracks ", specifies the leader.
In his text, Will Cathcart indicates that WhatsApp was helped, in this survey work, by cybersecurity researchers from the Citizen Lab at the University of Toronto. The latter published a statement detailing the background of their research over the past few months on the hundred or so cases of infected calls. on WhatsApp: they explain that this is one of the methods, but not the only one, of NSO's Pegasus espionage software release.
"Serve alert"
"This should serve as a warning to technology companies, governments and all Internet users"Will Cathcart add to his gallery. " Tools that spy on our private lives are being misused. When this technology is in the hands of irresponsible companies and governments, it puts us all in danger. "
This in a context where Facebook, the owner of WhatsApp, is notably engaged in a standoff with the US government on the protection of personal data exchanged by its users. In early October, the US Minister of Justice himself officially asked Facebook not to generalize to all its services the full encryption of communications, which WhatsApp is currently proposing. This is to guarantee a potential access of the police to the encrypted data exchanged between the users, as part of investigations.
"Democracies are based on a strong and independent press and civil society. Fragilizing the safety of the tools they use endangers them. But we want to protect our personal information and our private conversations. That's why we will continue to oppose the government's calls to weaken end-to-end encryption (communication system where only people who communicate can read exchanged messages)"concludes Will Cathcart in his gallery.