WhatsApp Sues Israeli Cyber Surveillance Company Over Hacking Claims
Whatsapp is suing NSO Group, an Israeli cyber surveillance company, alleging it hacked more than 1,400 WhatsApp users, including senior government officials, journalists, political dissidents, human rights activists, and diplomats.
In a statement released by Facebook-owned WhatsApp, the company said it believed the attack "targeted at least 100 members of civil society, which is an unmistakable pattern of abuse."
The legal action revolves around an incident earlier this year when, as court documents state: "Between in and around April 2019 and May 2019, (NSO Group) used WhatsApp servers, located in the United States and elsewhere, to send malware to approximately 1,400 mobile phones and devices ("Target Devices"). (NSO Group's) malware was designed to infect the Target Devices for the purpose of conducting surveillance of specific WhatsApp users. Unable to break WhatsApp’s end-to-end encryption, (NSO Group) developed their malware in order to access messages and other communications after they were decrypted on Target Devices."
The alleged malware in question is Pegasus, which has the ability to turn on a smartphone's camera and microphone, collect messages, emails and location data, even if the recipient doesn't answer the call.
"This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users," said WhatsApp.
NSO Group denied the claims in its own statement: "In the strongest possible terms, we dispute today's allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years."
WhatsApp is seeking a permanent injunction banning NSO Group from using their service.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.