Last May WhatsApp was the protagonist after discovering a vulnerability in its video calls. In a nutshell, NSO, an Israeli company (the one that created Pegasus), had managed to create an exploit for that vulnerability with which one could infect users' mobile and access the camera, microphone and text. So serious was the security flaw that the user did not even have to answer the call, so there was no way to detect that he was being spied on.
Now WhatsApp has taken action on the matter and has denounced NSO. This has been announced by the president of the company, Will Cathcart, in a column published in the Washington Post. "After months of investigation, we can say who is behind the attack," says the president, who points directly to NSO Group and accuses her of having made a very sophisticated attack, but not having covered her tracks well.
1,400 mobiles and 100 human rights defenders
According to the lawsuit, "between April 2019 and May 2019, the defendant used WhatsApp servers, located in the United States and more countries, to send malware to approximately 1,400 mobiles and devices"He continues, saying that being" unable to break WhatsApp's end-to-end encryption, the defendant developed his malware to access messages and other communications after being decrypted on the target mobile, "which is a violation of the terms of service
According to Cathcart, NSO also pointed to 100 human rights defenders, journalists and other members of civil society throughout the world. NSO, on the other hand, denied the facts saying that "under no circumstances would NSO be involved in the operation … of this technology" and today it has done it again: "We reject today's accusations in the strongest terms and we will fight them strongly, "emphasizing that" the sole purpose of NSO is to provide technology for government intelligence and police agencies to help them fight terrorism and serious crimes. "
For the president of WhatsApp, these facts are a touch for technology companies, governments and internet users and "reinforces why technology companies should never be required to intentionally weaken their security systems"The government of the United States has requested on occasion that Facebook ended the end-to-end encryption of WhatsApp and Telegram had problems with Russia refusing to hand over the encryption keys of its app.
The United States and Russia have sometimes asked WhatsApp and Telegram to get rid of encryption
On the other hand, Cathcart asks companies to "publicly explain those significant attacks to increase resilience and work with security researchers" and, finally, exposes something evident: "companies simply should not launch cyber attacks against other companies" , but must report these vulnerabilities (in some cases there are economic rewards for this) and, of course, "not sell services to other people involved in such attacks".
Finally, from Facebook and WhatsApp they have asked the courts to, in a precautionary manner, restrict the use of WhatsApp and Facebook services by NSO and request compensation for all damages suffered so far and those proven before the claim is resolved.
Via | Washington Post