With so much attention focused recently on constant consumer spying and privacy violations, erroneous or otherwise, by Amazon, Facebook and now Twitter, it is easy to forget that virtually other communication apps have the same purpose, and that’s what one secretive Israeli company relied on when they used a vulnerability in the popular messaging app WhatsApp (owned by Facebook) to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said. What is unique is how the app was infected: with a simple phone call.
According to the FT, WhatsApp which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function. The malicious code, developed by the secretive NSO Group, a notorious and controversial Israeli hacking and surveillance tools vendor, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs.
It is unclear how many apps were infected with the spyware trojan, which could for example, allow anyone to get access to John Podesta’s email password (and then blame say, Vladimir Putin for example) as WhatsApp is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method, although it is likely a substantial number. As late as Sunday, the FT reports that WhatsApp engineers were racing to close the loophole.
For those who thought that Alexa’s constant eavesdropping was bad, this is even worse: NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data. It effectively opens up one’s entire cellphone to the hacker, and to get “infected”, one just needs to receive an inbound phone call without ever answering it.
NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime. NSO was recently valued at $1bn in a leveraged buyout that involved the UK private equity fund Novalpina Capital
Since the application is Israeli, its hardly a surprise that the spies’ preferred targets were Middle Eastern: as the FT reports, in the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” the company said, with the government in question being that of Israel. “We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
WhatsApp disclosed the issue to the US Department of Justice last week, according to a person familiar with the matter. A justice department spokesman declined to comment.
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” said Danna Ingleton, deputy director of Amnesty International, which identified an attempt to hack into the phone of one its researchers.
“The Israeli ministry of defense has ignored mounting evidence linking NSO Group to attacks on human rights defenders. As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk.
I still don’t get who the fuck installs an app on their phone so they can send a text message to someone else’s phone. Just send a text.
IT’s very popular for intercontinental communications and allows you to both talk and text for free internationally.
It’s a great app if you do business with or have relationships with people overseas. It’s also quite secure compared to your regular phone apps.
Thanks for the recommendation seems legit.
It’s much more secure than standard messaging platforms which is why the lefties when absolutely nuts over some of the people in the Trump Administration using it since it made it far more difficult or impossible to eavesdrop on their communications or to trace them through gov’t servers.
So what exactely is the problem here? What’s App is one of the most secure messaging apps available and a lot of terrorists, drug, and human traffickers use it for that reason.
As a result there’s been a big push by both intel and LEO’s to find ways to crack it.
Israel is one of the leading countries world wide when it comes to high tech and intel as well so it’s only natural that an Israeli company would succeed at cracking the format.
You can damned well bet that our federal intel and LEO agencies will be making use of the software.