Technology

WhatsApp blames — and sues — mobile spyware maker NSO Group over its zero-day calling exploit

   Download Android App    Share in      FullScreen   CheckVideos

WhatsApp has filed a suit in federal court accusing Israeli mobile surveillance maker NSO Group of creating an exploit that was used hundreds of times to hack into target phone. The lawsuit, filed in a California federal court, said the mobile surveillance outfit &developed their malware in order to access messages and other communications after they were decrypted& on target devices. The attack worked by exploiting an audio-calling vulnerability in WhatsApp.

Users may appear to get an ordinary call, but the malware would quietly infect the device with spyware, giving the attackers full access to the device. In some cases it happened so quickly, the target phone may not have rung at all. Because WhatsApp is end-to-end encrypted, it near-impossible to access the messages as they traverse the internet.

But in recent years, governments and mobile spyware companies have begun targeting the devices where the messages were sent or received.

The logic goes that if you hack the device, you can obtain its data. That what WhatsApp says happened. WhatsApp, owned by Facebook, quickly patched the vulnerability.

Although blame fell fast on NSO Group, WhatsApp did not publicly accuse the company at the time — until now. In an op-ed posted shortly after the suit was filed, WhatsApp head Will Cathcart said the messaging giant &learned that the attackers used servers and Internet-hosting services that were previously associated& with NSO Group, and that certain WhatsApp accounts used during the attacks were traced back to the company. &While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful,& said Cathcart. The attack involved disguising the malicious code as call settings, allowing the surveillance outfit to deliver the code as if it came from WhatsApp signaling servers.

Once the malicious calls were delivered to the target phone, they &injected the malicious code into the memory of the target device — even when the target did not answer the call,& the complaint read.

When the code was run, it sent a request to the surveillance company servers, and downloaded additional malware to the target device. In total, some 1,400 targeted devices were affected by the exploit, the lawsuit said. Most people were unaffected by the WhatsApp exploit.

But WhatsApp said that more than 100 human rights defenders, journalists and &other members of civil society& were targeted by the attack. Other targets included government officials and diplomats. In a statement, NSO Group said: &In the strongest possible terms, we dispute today allegations and will vigorously fight them.& WhatsApp exploit let attackers install government-grade spyware on phones




Unlimited Portal Access + Monthly Magazine - 12 issues-Publication from Jan 2021

Buy Our Merchandise (Peace Series)

 

Contribute US to Start Broadcasting


It's Voluntary! Take care of your Family, Friends and People around You First and later think about us. Its Fine if you dont wish to contribute and if you wish to contribute then think about the Homeless first and Feed them. We can survive with your wishes too :-). You can Buy our Merchandise too which are of the finest quality.

Debit/Credit/UPI

UPI/Debit/Credit

Paytm

STRIPE

Details
Category: Technology


25