WhatsApp is suing NSO Group for allegedly facilitating a hack on its users

nanoguy

Posts: 765   +12
Staff member

Back in May, news broke of a major software vulnerability in WhatsApp that would allow hackers to load spyware tools onto a smartphone with a simple call. The exploit also worked without the user answering the call.

The Facebook-owned company recently filed a suit against controversial Israeli firm NSO Group, alleging they facilitated hacking attempts on over 1,400 mobile devices. Intelligence agencies and governments routinely license its infamous Pegasus software tools to track terrorists, but there's a lot of potential for abuse by totalitarian regimes and other malicious actors that want to silence journalists and human rights activists.

WhatsApp believes the responsibility for misuse lies solely on the shoulders of NSO Group, but the latter thinks it's doing its best to prevent that from happening. The chat app has collaborated with researchers at the University of Toronto's Citizen Lab, and says it has proof that NSO set up fake WhatsApp servers to make the targeted phones easier to breach.

It's estimated at least 100 of them are owned by prominent religious figures, journalists, TV personalities, political dissidents, and lawyers that focus on human rights. WhatsApp informed everyone who was targeted using special messages, and has since patched the security hole.

NSO said in a statement that "in the strongest possible terms, we dispute today’s allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. ... It has helped to save thousands of lives over recent years."

Will Cathcart, head of WhatsApp, wrote an op-ed in the Washington Post where he called for an immediate ban on the sale of Pegasus, and argued the privacy risks aren't worth having these tools available on the open market. He also fired back at those who, like the US Department of Justice, are pushing for technology companies to develop backdoors into their products.

That said, there are similar vulnerabilities in WhatsApp the company has been taking its time to fix. One example is a bug that allows hackers to take over conversations, which hasn't been fixed after over a year. Not to mention that NSO's spyware tools are able to steal data from your Microsoft, Apple, Google, and Facebook accounts.

Permalink to story.

 

Adorerai

Posts: 87   +55
Will Cathcart, head of WhatsApp: It’s not us who puts the privacy of our customers at risk because we don’t patch known vulnerabilities, nor is it our responsibility. There should just be a ban on hacking, problem solved.
 

Bullwinkle M

Posts: 474   +374
https://www.theregister.co.uk/2019/10/30/nso_facebook_employees/

"Yesterday, both my personal Facebook and Instagram Profiles were intentionally disabled by the world's greatest privacy violator in the history of mankind, AKA Facebook," wrote NSO's global intelligence services and training manager Guy Brenner in a LinkedIn post.

"Why? Because I work for a company called NSO Group, and according to their statements, have found and used vulnerabilities in their WhatsApp architecture, to provide security agencies and governments sophisticated tools to prevent the next 9/11.
------------------------------------------------------------------------------------
Correct me if I'm wrong, but wasn't this type of criminal activity the direct cause of the 1st 9/11?

Looks as though they are trying to cause another one
 

pioruns

Posts: 41   +8
Solution? Don't user WhatsApp. And anything Facebook touches. This will decrease your risk factor by a magnitude. And don't use Microsoft Windows. Problem solved.