This article was published on October 30, 2019

WhatsApp sues Israeli security firm for injecting malware into targets’ phones through its app


WhatsApp sues Israeli security firm for injecting malware into targets’ phones through its app Image by: OpenClipart-Vectors / Pixabay

WhatsApp just sued Israel-based security company, the NSO Groupin a US federal court for allegedly injecting malware into over 1,400 targets’ phones through the messaging service.

The Facebook-owned company accused the NSO Group of installing malware into phones for surveillance. The court filing says the security company wasn’t able to break WhatsApp’s end-to-end encryption, so it used malicious code to snoop on chat messages.

In May, the chat app patched a vulnerability that allowed hackers to install malware through an audio call even if you don’t answer it. At the time, sources told the Financial Times that NSO Group was responsible for this exploit.

In a column posted in Washington Post after the lawsuit, the company head Will Cathcart said NSO Group targeted “at least 100 human-rights defenders, journalists and other members of civil society across the world.”

The Israel-based security group has been notoriously accused of supplying snooping tools to governments. WhatsApp’s court filing alleges the security company says its Pegasus software “could remotely and covertly extract valuable information from virtually any mobile device.”

NSO Group has been involved in human rights issues as well. Last year, Jamal Khashoggi, a journalist, was tortured and murdered by Saudi Arabia inside the country’s consulate in Istanbul. Gizmodo notes the company’s spyware was found on one of the Khashoggi’s contact’s phone. 

According to a report by Motherboard, the group has been trying to clean up its image with select interviews and Google ads.

However, in an email statement to TNW, the firm said it disputes WhatsApp’s allegations strongly and said it takes action against any misuse of its service:

 

In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.

 

The truth is that strongly encrypted platforms are often used by pedophile rings, drug kingpins and terrorists to shield their criminal activity. Without sophisticated technologies, the law enforcement agencies meant to keep us all safe face insurmountable hurdles. NSO’s technologies provide proportionate, lawful solutions to this issue.

 

We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. We take action if we detect any misuse. This technology is rooted in the protection of human rights – including the right to life, security and bodily integrity – and that’s why we have sought alignment with the U.N. Guiding Principles on Business and Human Rights, to make sure our products are respecting all fundamental human rights.”

 

Almost every communications software company like WhatsApp is facing pressure from governments across the world to install a backdoor to let them trace messages for security purposes. However, if there’s a backdoor in services with end-to-end encryption, there’s a strong possibility of it being exploited by governments for snooping and censorship and by bad actors to steal information.

Authorities across the globe must understand this threat, and stop encouraging tools that can be used for mass surveillance.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with