Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

WhatsApp Sues Israeli Firm NSO Over Cyberespionage

WhatsApp on Tuesday sued Israeli technology firm NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyberespionage on journalists, human rights activists and others.

WhatsApp on Tuesday sued Israeli technology firm NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyberespionage on journalists, human rights activists and others.

The suit filed in a California federal court contended that NSO Group tried to infect approximately 1,400 “target devices” with malicious software to steal valuable information from those using the messaging app.

WhatsApp head Will Cathcart said the lawsuit was filed after an investigation showed the Israeli firm’s role the cyberattack, despite its denials.

“NSO Group claims they responsibly serve governments, but we found more than 100 human rights defenders and journalists targeted in an attack last May. This abuse must be stopped,” Cathcart said on Twitter.

The lawsuit said the software developed by NSO known as Pegasus was  designed to be remotely installed to hijack devices using the Android, iOS, and BlackBerry operating systems.

The complaint said the attackers “reverse-engineered the WhatsApp app and developed a program to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code” to take over the devices.

“While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful,” Cathcart said in an opinion piece published in the Washington Post, noting that the investigation found internet-hosting services and accounts associated with NSO.

The suit calls on court to order NSO Group to stop any such attacks and asks for unspecified damages.

Advertisement. Scroll to continue reading.

WhatsApp in May called on users to upgrade the application to plug a security hole that allowed for the injection of sophisticated malware that could be used for spying at the messaging app used by 1.5 billion people around the world.

The malicious code was transmitted through WhatsApp servers from about April 29 to May 10, targeting devices of attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials, according to the complaint.

“A user would receive what appeared to be a video call, but this was not a normal call,” Cathcart said of the cyberattack.

“After the phone rang, the attacker secretly transmitted malicious code in an effort to infect the victim’s phone with spyware. The person did not even have to answer the call.”

– Fighting ‘crime and terror’ –

The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates. 

Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target’s phone camera and microphone, and access data on it.

The firm has been adamant that it only licenses its software to governments for “fighting crime and terror” and that it investigates credible allegations of misuse, but activists argue the technology has been instead used for human rights abuses.

Danna Ingleton of Amnesty International said the results of the WhatsApp investigation  “underscore that NSO Group continues to profit from its spyware products being used to intimidate, track, and punish scores of human rights defenders across the globe, including the Kingdom of Bahrain, the United Arab Emirates and Mexico.”

Ingleton said Amesty and other groups are seeking in the Israeli courts to block NSO for exporting the technology.

“WhatsApp deserves credit for their tough stance against these malicious attacks, including their efforts to hold NSO to account in the courts,” she said.  

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.