WhatsApp recently filed a lawsuit against NSO Group, an Israeli company for abusing its platform. This was the first case that WhatsApp filed after issuing a warning regarding legal actions back in June. As part of the lawsuit, the company alleged that the NSO Group used the platform to keep a tab on a group of users. The report noted that the private entity used the state-of-the-art Pegasus spyware to attack the users. It is not the first time that we have heard about Pegasus, NSO Group or WhatsApp.
As per past reports, WhatsApp initially discovered about the attack and Pegasus back in May 2019. At the time, the company asked WhatsApp users across the world to update their app versions. This spyware worked on a vulnerability known as “zero-click zero-day” where the attacker can directly infect the smartphone. In fact, attackers used WhatsApp video calls to inject Pegasus in the device. The interesting part about this is that the victim does not need to do anything on their part. This also means that the victims did not even have to pick up the call. Months after the initial attack and days after the lawsuit, WhatsApp has revealed new information about the attack.
WhatsApp: NSO Group attack details
As per a report from Indian Express, a spokesperson from WhatsApp confirmed that NSO Group used Pegasus to monitor Indians. These include about two dozen academics, lawyers, journalists, and Dalit activists. WhatsApp clarified that these victims were under surveillance for two weeks before Facebook discovered the weakness. The company contacted all the targets to inform them about the attack after discovery. The spokesperson did not reveal the exact number of people but they did mention that it was “not an insignificant number”.
Pegasus spyware allowed attackers to get access to a whole host of private data. These include passwords, contacts, calendar events, text messages, and live voice calls. As mentioned in the report, the NSO Group denied the claims in a statement. It also went on to add, “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.”