WhatsApp is suing notorious spyware vendor NSO Group, saying the company
was actively involved in hacking users of the encrypted chat service.
In May, a major software vulnerability in WhatsApp was revealed.
Using the flaw, hackers could load spyware onto a phone through a video
call, even if the person never answered the call. Citizen Lab, the
organization that discovered the vulnerability, said at the time that
the attack was being used to target journalists and human rights
advocates. The spyware used in the attacks, called Pegasus, was
developed by the Israel-based NSO Group, whose software has been
employed by repressive governments around the world.
When the WhatsApp flaw was revealed, NSO Group said it
wasn’t involved in the direct use of its software, and merely provided
it to governments. But in a Washington Post opinion article
published today, WhatsApp head Will Cathcart says the company has
evidence of NSO Group’s direct involvement in the attack. “Now, we are
seeking to hold NSO accountable under U.S. state and federal laws,
including the US Computer Fraud and Abuse Act,” Cathcart writes.
According to Cathcart, Facebook-owned WhatsApp linked
servers and services used in the attack with NSO Group, and also
uncovered evidence tying WhatsApp accounts used in the attack to the
spyware vendor. “While their attack was highly sophisticated,” Cathcart
writes, “their attempts to cover their tracks were not entirely
successful.” About 1,400 devices were infected by the malicious code,
according to WhatsApp.
In a related announcement, Citizen Lab said it has been working with WhatsApp since the attack to identify suspected targets.
“In the strongest possible terms, we dispute today’s
allegations and will vigorously fight them,” NSO Group said in a
statement. The company went on to say it takes action when one of its
products is used for purposes other than fighting crime or terrorism.
WhatsApp is asking a court to stop NSO Group from taking
similar action in the future and to award damages. “WhatsApp will
continue to do everything we can within our code, and within the courts
of law, to help protect the privacy and security of our users
everywhere,” Cathcart writes.
Source : theverge.com
Komentar
Posting Komentar