WhatsApp Blames Malware Attack on Cybersecurity Company

WhatsApp claims Israeli spyware allegedly hacking smartphones

WhatsApp accuses a cybersecurity company for a malware attack on roughly 1,400 of its users for the purposes of surveillance. The service claims the malware attacks were too sophisticated for it to have been the work of hackers.

WhatsApp Accuses NSO Group

WhatsApp alleges that the malware used in the attacks is of a type that companies usually develop for law enforcement agencies to track individuals of interest. This fact led WhatsApp to point the finger at the Israeli Cybersecurity company NSO Group for the malware attacks. NSO is best known for providing the FBI with access to an Apple iPhone being used by the US San Bernardino shooters when Apple refused to do so.

WhatsApp owners, Facebook, are suing NSO and have also named Q Cyber, a company affiliated with NSO, in the case. NSO, which provides surveillance software to licensed government intelligence and law enforcement agencies, denied the allegations. “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” the company said in a statement to the BBC.

How Did the Attackers Do It?

In April and May this year, attackers called parties they wished to attack through WhatsApp. They then used the call to get into the phone and install the malware. Once the attackers had accessed the phone, the malware erased the history of the call so that users were unaware of the attack.

However, according to WhatsApp, the malware was unable to break WhatsApp’s encryption. Instead, the malware infected the targeted phones, giving the attackers access to messages after they were decrypted on the receiver’s mobile. Apparently, the people targeted were specific users such as journalists, human rights activists, political dissidents, senior government officials and diplomats.

WhatsApp has since fixed the security flaw and a patch has been provided by the company. WhatsApp recommends that users update the WhatsApp application on their devices, if they haven’t done so already.

Implications of Malware Attack for WhatsApp

This malware attack could be damaging for the brand, since WhatsApp promotes itself as a secure communications application. WhatsApp uses end-to-end encryption, which is supposed to prevent messages, or any other transmitted data such as pictures and videos, from being read or secretly modified by anyone other than the true sender and recipient(s) of the messages.

Furthermore, since Facebook bought WhatsApp in February 2014, WhatsApp’s privacy practices have been under scrutiny due to Facebook’s record with regards to privacy. This incident does nothing to lessen concerns with regards to Facebook’s effect on WhatsApp’s privacy practices.

Kate Fazzini, technology reporter for CNBC said: “Even though this incident appears to have affected a minor number of people who were specifically targeted, as far as trying to get a hold of their conversations, it might cause them bigger problems for WhatsApp that it is already under scrutiny by its customers.”

WhatsApp has not yet disclosed how it became aware of the malware attacks.  However, WhatsApp has stated that it is seeking a permanent injunction banning NSO from using its service to ensure NSO does not try this again in the future.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For VPNoverview.com she follows relevant cybercrime and online privacy developments.