Over 100 Human rights activists, journalists, prominent lawyers, religious figures and political dissidents had their smartphones hacked by spyware that exploited the vulnerability in WhatsApp, according to the Facebook owned messaging service in May 2019.
The victims of the attack were only contacted by WhatsApp yesterday. Their smartphones were targeted through WhatsApp’s call function by customers of the Israel-based NSO Group, which makes Pegasus, a spyware program. Once installed Pegasus is designed to take over all of the phone’s functions.
WhatsApp is taking legal action for the first time against NSO that has carried out this type of attack. WhatsApp said it spent six months investigating the breach, discovering that attackers had used its service to target about 1, 400 phones over a two-week period this spring, and had asked its 1.5m users to update their apps in order to close the loophole.
NSO claims that Pegasus is sold only to law enforcement and intelligence agencies to prevent crime and terrorism. WhatsApp, which worked with the University of Toronto’s Citizen Lab to identify targets, said a sizeable proportion of the targets were members of civil society, saying these had been an “unmistakable pattern or abuse” of the spyware.
WhatsApp called for “strong legal oversight of cyber weapons used in this attack to ensure they are not used to violate the rights and freedoms people deserve”.
However, NSO believes allegations of misuse of its products are based on “erroneous information”.