Is Whatsapp Security Flaw Exploited By State Sponsored Hackers?
In a major revelation made by Whatsapp about a serious vulnerability in its system raised serious concerns globally. As per the announcement, the stated vulnerability made it possible for hackers to exploit mobile phones of the users.
It has been speculated that the vulnerability may already have exploited records of various users with a major target towards social activists with a London-based human rights lawyer possibly among the targets.
The FB owned messaging app stated that it discovered given the vulnerability hackers could install a malicious code on a target’s phone by a simple call, needless of the fact whether the target takes up the call or not.
As per the statement given by Whatsapp spokesperson- “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
Though, Whatsapp never revealed the name of the private company a source involved in research indicated that the Israeli cyber company, NSO, has developed a strong malware designed specifically to exploit the data for spying purposes on targets.
In response to the allegation, NSO group gave a media statement which said that “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”
It further said that NSO just licensed government agency its technical knowledge is outsourced to government agencies solely for the purpose of fighting crime and terror. However reports suggest that the outsourced technology is used in more ways especially in context to addressing civil society dissents.
Civil Society allegations
As per civil society groups across the globe it has been alleged that amongst other targeted individuals now it’s the a London-based human rights lawyer is targeted given his active involvement in building a case against NSO group for the above stated allegations.
The speculation cannot be entirely baseless as both John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab and the London based lawyer did receive strange call on their Whatsapp devices as they both are actively involved in investigating digital threats to civil society groups and online freedom of expression.
Whatsapp vulnerability discovery and fixation
As per Scott-Railton, The apparent attempt to breach the lawyer’s phone was not successful as the suspicious calls on WhatsApp from Swedish and other European phone numbers to the London Based human rights lawyer was investigated by Citizen Lab in collaboration with Whatsapp and the vulnerability was discovered and addressed.
NSO maintaining its stance over the issue said “NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”
On contrary to the statement given by NSO group in this case, in a similar case running against the group taken by Amnesty International it has been claimed that NSO software “threatens the rights to privacy and to freedom of opinion and expression, in breach of Israel’s obligations under international human rights law.”
The group also alleged NSO for targeting its researcher who was working on a campaign to release six women’s rights activists detained in Saudi Arabia.
Such allegations and strong cases do indicate a high plausibility that Whatsapp vulnerability and the malware created by NSO group may have spied on user details on the hit list to help certain state actors for curbing dissents.
