WhatsApp has filed a complaint against the Israel based surveillance firm NSO Group this Thursday, for building a exploit which allowed government spies to break into their target’s cell phones.
The suit has been filed in California federal court stating that the NSO Group “developed their malware in order to access messages and other communications after they were decrypted” on the targeted cellphone.
The attacks were exploited WhatsApp’s audio call vulnerability, where it appeared to the users that they are receiving an normal call, but the spyware quitely sneaked into the system providing the hackers with full access to the device. In some cases, the spyware was so potent that it affected the phone without giving the user any ring at all.
WhatsApp has openly claimed that it is end-to end encrypted and no data can leak through this app. However, recently, there have been instances where government and spywares were able to track the users sent and received data. WhatsApp has covered its inability stating that if a device is hacked, they will gain access to WhatsApp information.
Right after the defect was revealed, WhatsApp began to work on it and eventually fixed it for good. However, NSO Group instantly fall under the radar of the company, which today has finally accused it openly.
WhatsApp head Will Cathcart said:
While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful.
In order to attack the target, the malicious codes disguised all settings, allowing the surveillance outfit to read a message as if it came from WhatsApp’s signaling servers. Once the malware was delivered, it “injected the malicious code into the memory of the target device — even when the target did not answer the call,” as stated in the lawsuit.
Around 1400 devices were targeted with this malware, including uman rights defenders, journalists and “other members of civil society.” Government officials and diplomats were some other prominent targets.