The social media giant, which owns the messaging service WhatsApp, has filed a complaint against the Israeli tech company NSO Group for allegedly developing and deploying spyware on approximately 1,400 users’ smartphones via the messaging app.
BY JACK MORSE
And here’s the scary thing: According to Facebook, the victims didn’t even have to click on anything for the spyware to take over their devices.
We first learned of this troubling attack in May of this year, with reports that all a bad actor had to do was call a person via WhatsApp to compromise their phone. Once installed, the software could read decrypted messages on a person’s device.
The Oct. 29 complaint, published by the Washington Post, accuses the NSO Group of going after “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.”
According to the Financial Times, NSO Group products are advertised to both Middle Eastern and Western intelligence agencies, who obviously would be interested in obtaining this kind of access.
The complaint puts the alleged hacking attempts between April 29 and May 10 of 2019. The targets were scattered around the world, with one device featuring a Washington, D.C., area code.
The suit, filed in the U.S. District Court in the Northern District of California, seeks damages against NSO Group. What’s more, it attempts to ban any and all NSO Group members from using any Facebook or WhatsApp service ever again.
Facebook publicly copped to this WhatsApp vulnerability in May, and, after patching it, told users to update their apps. Shortly thereafter, the complaint says a NSO Group member complained about the fix.
“You just closed our biggest remote for cellular,” the complaint quotes the unnamed employee as saying. “It’s on the news all over the world.”
The complaint does not make it clear to whom the employee was speaking or writing.
While this lawsuit is yet more evidence that no digital communication is ever 100 per cent secure, it also serves as a reminder that encryption itself is still important. This specific hack, after all, had to take over a victim’s phone because the messages themselves were end-to-end encrypted by WhatsApp.
UPDATE: Oct. 29, 2019, 2:51 p.m. PDT: Nicole Perlroth, a cybersecurity reporter with the New York Times, obtained a statement about the lawsuit from the NSO Group.
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” read the statement in part. “We consider any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited,” the statement later added.
BY JACK MORSE
All information is provided on an as-is basis. Where we allow Bloggers to publish articles on our platform please note these are not our opinions or views and we have no affiliation with the companies mentioned