WhatsApp alleges that Israeli tech company NSO Group Technologies is heavily involved in the hacking of WhatsApp users. The firm’s Pegasus spyware, enabling the remote surveillance of smartphones, supposedly spies on thousands of international officials, journalists and activists.
Hacking Journalists and Activists
The messaging service says NSO used servers in the United States to hack the smartphones of 1,400 WhatsApp users. Many of these users work as journalists and activists in Africa and Asia. As well, WhatsApp claims the Israeli company is also responsible for gross human rights violations, although the company denies it.
NSO Group says that its government clients bought their spy tool to track down people they believe are terrorists and criminals. Moreover, it claims not having any knowledge of how their clients use its software, shifting the blame away from the company. In the past, countries such as Saudi Arabia and Mexico were spied on using Pegasus.
John Scott-Railton, Senior Researcher at Citizen Lab of the University of Toronto, worked on this case together with WhatsApp. Since NSO controls the servers, they can identify the users being targeted with logs, which includes IP addresses, Scott-Railton said. Nevertheless, security experts still highly regard WhatsApp’s encryption technology, which is secured via end-to-end encryption.
WhatsApp Sues NSO In Historical Lawsuit
In 2019 WhatsApp filed a lawsuit against NSO, the first case of its kind by a major tech player. More technical details about how Pegasus can allegedly be deployed against targets is an essential part of the lawsuit. WhatsApp’s investigation into the use of Pegasus has shown that servers controlled by NSO Group were crucial to the hack.
The goal was to call up unsuspecting WhatsApp victims using the messaging app that would then get infected with Pegasus. WhatsApp affirmed that NSO used a network of computers to monitor and update Pegasus after it ended up on users’ devices. These NSO-controlled computers were the gateway through which NSO spied on its clients’ operation and use of the spyware.
According to WhatsApp, NSO gained unauthorized access to its servers by reverse-engineering the app and then bypassing security functions. A WhatsApp engineer analyzed the attacks and found IP addresses in the malicious code used by cybercriminals in 720 instances. One remote server was located in Los Angeles, California, owned by a company whose data center NSO used.
NSO Fights Terrorism and Saves Lives
NSO claims it doesn’t know how government clients use its hacking tools or who they’re targeting. The company plans to file a response in the coming days to tell its side of the story. It claims that its products can be used to stop terrorism, curb violent crime and save lives, not facilitating hackers.
Although the Israeli company makes the software, how its clients make use of it is not something they actually monitor. They argue that statements about their business and interactions with intelligence and law enforcement agency clients have been accurate. However, critical experts such as Scott-Railton remain unconvinced and vigilant.
In fact, Scott-Railton recently tweeted that NSO is marketing Covid-19 tracking software in the US. NSO’s new app is called Fleming and apparently contains much of the same technology as its flagship product Pegasus. It uses phone data and public health information to identify who individuals infected with coronavirus may have come into contact with. NOS touts Fleming as an evolution in analytics software that won’t compromise privacy, although in light of this lawsuit the tech world will be watching closely.