WhatsApp security breach appears to be a government surveillance attack by Israeli spyware firm

WhatsApp has said that the security breach of its messaging app had all the signs of a government surveillance attack, done by using the spyware technology developed by a private organization. The company says that human rights groups may have been the main target of this attack.

WhatsApp told human rights groups that they believe the spyware used in the attack was developed by an Israeli cyber surveillance company NSO Group, which is known for developing tools used in mobile hacking, stated Eva Galperin the cybersecurity at the Electronic Frontier Foundation while talking to the Reuters.

A WhatsApp spokesman said, “We’re working with human rights groups on learning as much as we can about who may have been impacted by their community. That’s really where our highest concern is”.

What is NSO

NSO group is an Israeli technology firm that specializes in cyber surveillance and intelligence tools. The company’s flagship product is a powerful piece of malware called Pegasus, which is designed to track a user’s cellphone. This malware has the ability to infect a device after a single click on a link revived in a fake text message, which in turn gives the cyber company complete access to your mobile phone.

According to researchers with the Toronto-based Citizen Lab, around 45 countries are using NSO’s Pegasus technology right now, among them, six countries including Saudi Arabia, Bahrain, Mexico, Morocco, the United Arab Emirates, and Kazakhstan were previously linked to the illegal use of this technology to target civil society.

The Facebook-owned messaging app recently said that it had discovered a security breach in its platform that could install spyware in a user’s mobile phone through a missed call. The company later encouraged its 1.5 billion users to update the application to the latest version of the app, where it said the breach had been fixed.

The messaging giant said they had also notified the United States Department of Justice to provide assistance in the ongoing investigation regarding the breach.