WhatsApp has sued the Israeli firm that it says used its messaging service to hijack phones and spy on as many as 1,400 users around the world.
In court papers filed in California court on Tuesday, WhatsApp – which is owned by Facebook – said NSO, the Israeli firm, used its messaging service to spy on targets between April and May 2019.
The hack was reported in May. WhatsApp announced at the time that a hack had occurred. It said it would contact the affected customers individually with a customized message.
Now, the company is seeking an injunction which will block the company from using its service permanently. It is also now publicly attributing the breach to NSO and sharing details of how it happened in addition to the targets.
Citizen Lab, a research company it partnered with to investigate the breach, published some of its findings.
WhatsApp is suing the Israeli spyware firm NSO claiming it should be permanently blocked
It said that there were at least 100 cases of journalists or human rights activists having been targeted across 20 different countries including Africa, Asia, Europe, the Middle East, and North America.
The breach occurred after NSO was acquired by Novalpina Capital, a private-equity group based in London. Citizen says the purpose of it was ‘ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.’
WhatsApp is asking that NSO, which sells spyware to governments, should be blacklisted internationally.
‘NSO Group claims it sells its spyware strictly to government clients only, and all of its exports are undertaken in accordance with Israeli government export laws and oversight mechanisms.
‘However, the number of cases in which their technology is used to target members of civil society continues to grow.
‘Although the technology is marketed as a tool to assist governments in lawful investigations into crime and terrorism, Citizen Lab has identified dozens of cases where journalists, human rights activists and defenders, lawyers, political opposition groups have been targeted’.
The vehicle for the attack was Pegasus, is ‘some of the most sophisticated spyware available on the market and can infiltrate both iOS and Android devices.’
NSO, according to WhatsApp, got into people’s phones via Pegasus, its ‘flagship’ spyware
NSO targeted WhatsApp users through its video call function. They did not have to pick up the phone in order to be exploited. Above is an example that was shared by Citizen Lab, the research company it partnered with to produce a report on the May 2019 breach
NSO group’s offices in Israel. It has not yet responded to the complaint
‘To monitor a target, a Pegasus operator uses multiple vectors and tactics including zero-day exploits and deception, to penetrate security features in popular operating systems and silently install Pegasus without the user’s knowledge or permission,’ according to Citizen Lab.
In this case, they received video call requests through WhatsApp.
WhatsApp previously said that afflicted users did not even have to answer the calls they got from unknown numbers for it to work.
Once installed, Pegasus could ‘remotely and covertly extract valuable intelligence from virtually any mobile device,’ according to the lawsuit.
The suit was filed in the United States District Court in the Northern District of California on Tuesday.
In an accompanying statement, a WhatsApp spokesman said: ‘This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users.
‘In our complaint we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective.
‘We are seeking a permanent injunction banning NSO from using our service.’
NSO has not yet responded to the complaint. WhatsApp alleges that it broke Californian law as well as its Terms of Service.