WhatsApp fixes Israeli spyware breach

Israel’s NSO Group exploited critical vulnerability in WhatsApp to install powerful spyware on phones. 

Thomas White Reuters

Users of the messaging service WhatsApp are being urged to immediately update to the latest version of the app.

WhatsApp, which is owned by Facebook, released the update to fix a critical vulnerability that allowed Israeli spyware to be installed on a user’s smartphone simply by ringing it up.

“The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs,” according to the Financial Times.

The newspaper reported that a UK-based human rights lawyer’s phone was targeted using the vulnerability on Sunday, even as WhatsApp engineers raced to close it.

John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab, told the Financial Times that attack had failed.

“We believe that the measures that WhatsApp put in place in the last several days prevented the attacks from being successful,” Scott-Railton said.

Powerful spyware

It has been long known that NSO Group made a system called Pegasus that allowed operators to install powerful spyware on a user’s phone by sending them a deceptive text message and inducing them to click on a link.

The system has been sold to governments around the world.

It installs sophisticated malware on the targeted device that can go undetected and send a frightening amount of data to those doing the spying.

This includes locations, recordings, screenshots, email and text messages, passwords and photographs.

It was reported last year that NSO Group had developed an even more invasive system that allows spies to take control of a phone without the targeted user having to click on a link.

NSO Group demonstrated the system to Saudi officials, who expressed an interest in buying it.

According to Amnesty International, NSO Group spyware has been used to target at least 24 human rights defenders, journalists and lawmakers in Mexico; Saudi activists Omar Abdulaziz, Yahya Assiri and Ghanem al-Masarir; award-winning Emirati human rights campaigner and political prisoner Ahmed Mansoor; and, allegedly, Jamal Khashoggi, the Saudi journalist murdered and dismembered in his country’s Istanbul consulate last year.

The United Arab Emirates even used NSO Group technology in attempts to spy on Qatar’s Emir Tamim bin Hamad Al Thani, Lebanese Prime Minister Saad Hariri and a Saudi prince.

Lawsuit

Amnesty, whose own staff has been targeted using NSO Group spyware, is supporting a legal action in Israel this week to force the defense ministry to cancel NSO Group’s expert license.

“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics,” said Danna Ingleton, a tech specialist for the human rights group who is providing supporting testimony in the case.

“It’s time to stop the use of NSO Group’s tools to infiltrate, intimidate and silence civil society,” Ingleton added.

The case is being brought jointly with New York University School of Law’s Bernstein Institute for Human Rights and Global Justice Clinic.

In one of the latest instances uncovered in March by the University of Toronto’s Citizen Lab, Griselda Triana, a journalist and the wife of slain journalist Javier Valdez, was targeted in Mexico with NSO Group’s Pegasus spyware following his assassination.

The Citizen Lab has played a critical role in tracking how NSO Group’s spyware has been used against journalists and human rights defenders around the world.

In January, the organization revealed that two of its researchers had been approached by suspicious individuals in what it believed was “an attempt to compromise our work” on monitoring the use of NSO Group’s spyware.

Mexican and Saudi citizens targeted with NSO Group spyware are also suing the company, and their lawyers, in turn, “have been approached by people pretending to be potential clients or donors, who then try to obtain information about the ongoing lawsuits,” according to the Financial Times.

“It’s upsetting but not surprising that my team has been targeted with the very technology that we are raising concerns about in our lawsuits,” Alaa Mahajne, a Jerusalem lawyer representing the Mexican and Saudi citizens, said.

The Israeli defense ministry “has ignored mounting evidence linking NSO Group to attacks on human rights defenders, which is why we are supporting this case,” Amnesty’s Danna Ingleton said, explaining the logic of her organization’s lawsuit.

“As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk.”

While that may be true, and legal action may be justified, expecting Israel’s defense ministry to protect human rights is like putting the proverbial fox in charge of the hen house.

Tags

Comments

picture

Software in America enjoys carte blanche immunity from TORT LAW. There will never be a lawsuit or liability.
Today Facebook will release a patch to fix this vulnerability. Tomorrow it will release patches introducing more intrusive vulnerabilities. Free enterprise carte blanche.

picture

Firstly. Although the WhatsApp fix has probably prevented any further infections there has been no announcement by Facebook or any of the web security suites of anything to clear out the bug from phones already infected.

Secondly why the concentration on NSO dealings with the Saudis, as I wrote to the Guardian yesterday which for some strange reason they haven't published:

Rightly, there has been much concern about the use by Saudi Arabia and other repressive regimes of the recent WhatsApp exploit.

What is surprising is that there has been no investigation of possible links between the Israeli firm NSO and the Israeli Government and its security agencies. In no country does a firm like NSO, specialising in cybersecurity and cyber exploits, not have close links with the state’s security apparatus. It is barely credible that NSO does not work closely with Mossad, Shin Bet and Gilad Erdan’s Ministry of Strategic Affairs. Erdan has made it his publicly declared ambition to harass and disable those he sees as enemies of the Israeli state. In particular, he seeks to harass and disable non-violent Boycott, Divestment and Sanctions activists. The Al Jazeera programmes ‘The Lobby’ exposed his Ministry’s attempts to interfere with legitimate political activity in the UK and the USA. It showed the determined efforts to undermine activists for Palestinian rights in the Labour Party and elsewhere.

Why all the concentration on the likelihood of the involvement in the Khashoggi assassination and none on the possible undermining of legitimate political activity in Britain and other Western countries.