WhatsApp is an end-to-end encrypted application, which technically provides the guarantee of message security. This is one of the assets put forward by Facebook, but a flaw discovered in the application last May has spied on users without their knowledge on both Android and iOS. A formidable spyware called Pegasus was operated by customers of the Israeli company NSO Group, specializing in spyware.
WhatsApp: Facebook sues NSO Group in court for spying
Peagasus did not only allow access to WhatsApp messages. The spyware was all the more pernicious as it offered full control of infected smartphones. Including the microphone, camera, emails and location … the victims could be spied to a worrying degree. When the WhatsApp fault was discovered, the NSO Group stated that it was not involved in any attack, nor in the direct use of its software for malicious purposes by its clients who were largely institutional and government agencies.
Facebook has since gathered evidence against them. “After months of investigation, we can say who led this attack,” said Will Cathcart, the head of WhatsApp at the Washington Post site. “We discovered that the attackers had used servers and Internet hosts whose links with NSO have already been established in the past,” he adds. “And we were able to link some WhatsApp accounts used during this malicious operation to NSO. Their attack was very complex, but they did not entirely manage to erase their traces.
WhatsApp (Facebook) has just launched a lawsuit against the Israeli company. “We are now seeking to hold NSO accountable under US federal law. Including the Computer Fraud and Abuse Act,” says Cathcart.