An Israeli firm has been accused of providing tools to spy on humans rights activists and journalists. The surveillance was done through a security hole in WhatsApp activated through a simple phone call.
An Israeli firm has been producing spyware to exploit vulnerabilities in WhatsApp to surveil journalists and human rights activists, a new report finds. The spyware is characteristically similar to what has been produced by the Israeli company, NSO Group.
WhatsApp developers have since patched the exploit upon hearing the news. Used by 1.5B people globally, it has urged all its users to update the app immediately.
The exploit was used to target a wide variety of individuals. For example, it is now known that a London lawyer who was involved in lawsuits against the NSO Group and its surveillance was extensively targetted. The lawyer was previously accusing the NSO group of hacking the phones of Omar Abdulaziz, a Saudi dissident in Canada, Mexican journalists, a Qatari citizen, and many others. The lawyer has remained anonymous due to a fear of retribution.
The vulnerability was frighteningly simple to implement. Digital attackers could infiltrate WhatsApp by inserting malicious code, made possible by just a simple WhatsApp call. The victim does not even need to pick up the phone for the breach to be successful.
Although it is still unknown whether the Israeli state was involved, it seems likely given how all of the victims were politically active.
Too Easily Hacked
The damning discovery was made by the London lawyer who said that he had grown suspicious after receiving WhatsApp video calls from Swedish telephone numbers at odd hours. Contacting the Citizen Lab at the Munk School of Global Affairs at the University of Toronto, WhatsApp was eventually alerted. The investigation into the matter is still ongoing.
The ease with which the NSO Group was able to exploit WhatsApp is frankly shocking. Although WhatsApp was quick to patch the vulnerability much to its credit, it’s not entirely reassuring. As long as messages are stored on a centralized server, there’s always the possibility of a breach.
Currently, there are various decentralized alternatives to current messaging services which seek to make these such exploits impossible. Blockchain-based networks provide us with trustless systems that can transmit information and messages without there being a single point of failure.
With such alternatives, there really is no reason to use WhatsApp for sensitive conversations — especially if you suspect that you are being targeted by authorities. Activists and journalists should be extremely cautious in this day and age of surveillance.
Do you believe decentralized apps can provide us with protections against surveillance? Let us know your thoughts in the comments below.
Images courtesy of Shutterstock.