In a recent case of hacking, hackers targeted a “select number” of users on the messaging app WhatsApp. Through surveillance software, the hackers managed to carry out “an advanced cyber actor.” The attack was discovered earlier in May and recent reports from the Financial Times confirm that the action was undertaken by an Israeli security firm NSO Group. As a precaution WhatsApp recommended its 1.5bn users to update their app.
WhatsApp, which is owned by Facebook, said in a statement as it was still too early to determine the number of users affected by the vulnerability was still unclear, although it confirmed that the attacks were highly targeted. The attackers reportedly called target’s device via WhatsApp’s voice calling function. Although the call was not answered the surveillance software was installed and the call would disappear from the device’s call log.
Amnesty International, a London-based non-governmental organization centers around human rights, said it had long feared this kind of attack. The organization also reported that it had been targeted by tools created by the NSO group. Danna Ingleton, deputy program director for Amnesty Tech said in a statement that the tools were used by the group in order to keep prominent activists and journalists under surveillance. “They’re able to infect your phone without you actually taking an action. There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry,” she reported.
The group in question NSO Group is an Israeli company. One of its prominent software, Pegasus, can collect intimate data, including location data from devices. This also includes data via microphone and camera. The group is allegedly licensed to authorized government agencies in order to fight crime and terror. Furthermore, the group said in a statement, “The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.