Israeli Firm Accused Of Spying By WhatsApp, Lawsuit Filed Against It


10/30/2019



Israeli technology firm NSO Group has been sued by WhatsApp over allegations that the Israeli firm had used the Facebook-owned messaging service for undertaking campaigns of espionage on journalists, human rights activists and others.
 
Approximately 1,400 “target devices” were attempted to be infected by the NSO Group by infecting them with a malicious software to decamp with private and possibly valuable information of the users of he Whatsapp messaging app, alleged that company in the legal suit filed by it in a California federal court.
 
An investigation into the allegations revealed that the Israeli firm had a role to play in the cyberattack, following which the lawsuit was filed, WhatsApp head Will Cathcart said.
 
“NSO Group claims they responsibly serve governments, but we found more than 100 human rights defenders and journalists targeted in an attack last May. This abuse must be stopped,” Cathcart said on Twitter.
 
The allegations have been denied by the NSO Group.
 
BSO had developed a software bug called Pegasus and its task was to hijack devices using the Android, iOS, and BlackBerry operating systems after being installed remotely in the devices, alleged WhatsApp in the lawsuit.
 
The attackers “reverse-engineered the WhatsApp app and developed a programme to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code” to take over the devices, the legal complaint said.
 
“While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful,” Cathcart said in an opinion piece published in the Washington Post. Internet-hosting services and accounts associated with NSO were found in the investigation, he noted. .
 
The social messaging app company demanded unspecified damages for the acts and requested the court to rule against the NSO to prevent any such attacks.
 
In May this year, the users of WhatsApp were asked to upgrade the app with a fix form the company that would ensure that a security gap that could allow injection of sophisticated malware which could then be used for spying by agencies and individuals. Currently there are more than 1.5 billion people across the world using this app. 
 
In the latest case, the lawsuit informed the court that the malicious software was injected into various targeted devices between April 29 and May 10 this year. The devices of attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials were targeted in the cyber attack, complained the lawsuit.
 
“A user would receive what appeared to be a video call, but this was not a normal call,” Cathcart said of the cyberattack. “After the phone rang, the attacker secretly transmitted malicious code in an effort to infect the victim’s phone with spyware. The person did not even have to answer the call.”
 
The NSO Group was first widely known after it was alleged that the firm had played a role in spying on an activist in the United Arab Emirates in 2016. Pegasus is the best known product of the company and this software is able to remotely switch on the camera and microphone of a target’s phone and get access to data stored within the device.
 
(Source:www.thehindu.com)