Security researchers accuse the Israeli firm NSO Group of developing technology that uses a security breach in the messaging app WhatsApp to break into iPhone and Android mobile phones, the Financial Times reported Monday.
Hackers are able to use the breach in WhatsApp to insert malicious code and then steal data from any mobile phone by calling it via WhatsApp. The victim does not have to answer in order to be hacked.
Owned by Facebook, WhatsApp is estimated to be used by 1.5 billion people around the world. Close to two weeks ago, WhatsApp engineers discovered an abnormal voice calling activity on their systems, and alerted human-rights organizations and the US Justice Department about the threat.
NSO Group Technologies, an Israeli cyber intelligence company, was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio and is based in Herzliya. On August 25, 2016 it was revealed that the Pegasus program created by NSO was used by United Arab Emirates to target an opposition human rights activist Ahmed Mansoor.
The security researchers say they discovered a Pegasus-like spyware program that took advantage of a flaw in WhatsApp which it used to target a London attorney who is suing NSO Group for helping to hack the phones of a Saudi dissident named Omar Abdulaziz, a Qatari citizen, and several Mexican journalists and activists.
On Monday, WhatsApp released a patch which customers can get by updating their phones, and issued a statement saying “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
NSO Group issued a statement on Monday saying its spyware is only licensed to government agencies, adding it plans to investigate “credible allegations of misuse.” The company is in the midst of a campaign to sell its spyware to law enforcement agencies around the world, which could install it on the mobile phones of criminal suspects. The phone of drug kingpin El Chapo was hacked using NSO software, and in 2011, the president of Mexico thanked NSO for it role in El Chapo’s arrest.
In December 2018, the NY Times suggested the Pegasus software was used in the murder of Saudi journalist Jamal Khashoggi, based on a claim made by Khashoggi’s friend that Saudi authorities had used the Israeli-made spyware to target their victim.
So it’s not clear whether the emerging WhatsApp scandal is bad or good for business. NSO Group’s value is estimated at $1 billion.