Published: Tue, May 14, 2019
Worldwide | By Isabel Fisher

WhatsApp vulnerability exposed civil rights promoters to hacking attempts

WhatsApp vulnerability exposed civil rights promoters to hacking attempts

TechCrunch reports that the vulnerability discovered by WhatsApp just a few weeks ago, would allow a caller to install a spyware on the device being called, regardless of whether or not the could was answered. Once installed on a phone, the software can extract all of the data that's already on the device (text messages, contacts, Global Positioning System location, email, browser history, etc) in addition to creating new data by using the phone's microphone and camera to record the user's surroundings and ambient sounds, according to a 2016 report by the New York Times. It remains unknown how many WhatsApp users were affected.

Citizen Lab, the Canadian non-profit that helps monitor the spread of Pegasus and its ilk, said someone tried to use the VoIP exploit as late as Sunday night to infect a UK-based human rights' lawyer's phone as Facebook engineers in London and San Francisco raced to push out patched versions of their software. It is not yet clear how many people were targeted and spied on in total, though the WhatsApp team is still investigating. The report said that calls could disappear from the call log, transmitting the spyware to the unwitting victim.

Spyware users were able to inject malicious code into their target device by initiating a voice call to the corresponding WhatsApp account.

The WhatsApp spokesman said the attack had "all the hallmarks of a private company that has been known to work with governments to deliver spyware that has the ability to take over mobile phone operating systems". "We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society".

The NSO Group is an Israeli company that has been referred to in the past as a "cyber arms dealer".

According to the Financial Times, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.

NSO's spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents. "The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions", NSO Group said.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies", the company added.

Human rights organisation Amnesty International is behind legal action to revoke the NSO Group's export licence in Israel, after an Amnesty staff member was targeted last August by Pegasus.

Like this: