Israeli spyware at center of WhatsApp surveillance storm
The secretive NSO Group is the developer of Pegasus, its flagship software capable of controlling and collecting information from target mobile devices.
By EYTAN HALON
A vulnerability in popular messaging app WhatsApp reportedly enabled the installation of advanced surveillance spyware developed by Israeli cyber firm NSO Group on phones and other mobile devices.Discovered earlier this month by WhatsApp engineers, the flaw enabled hackers to remotely install spyware developed by NSO Group by calling targets using Whatsapp’s voice calling function, the Financial Times reported, adding that users did not need to answer the phone for the code to be inserted.“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a note to reporters.The company added that it had briefed a number of human rights organizations and referred the breach to the US Justice Department.WhatsApp also encouraged users to “upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”The secretive NSO Group is the developer of Pegasus, its flagship software capable of controlling and collecting information from target mobile devices.The company says it only sells its technology to government agencies for fighting crime and terror, but its software has been alleged to be behind spying on individuals including now-imprisoned Emirati activist Ahmed Mansoor and Saudi journalist Jamal Khashoggi, murdered in the country’s consulate in Istanbul in October 2018.“NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror,” the Herzliya-based company said in a statement.“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization.”
On Monday, a petition supported by Amnesty International and other human rights groups was filed at the Tel Aviv District Court, calling on the Ministry of Defense to revoke NSO Group’s export license.In June 2018, London-based Amnesty alleged that one of its activists working on human rights in Saudi Arabia was the target of a malicious WhatsApp message from the NSO Group.“The Israeli MoD has ignored mounting evidence linking NSO Group to attacks on human rights defenders, which is why we are supporting this case,” said Danna Ingleton, deputy director of Amnesty Tech.“As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk.”Under Israeli law, no person is entitled to receive a defense marketing or export license unless he or she is registered with the Defense Ministry’s defense export registry.