WhatsApp’s CEO says national security officials of US allies were among those targeted with malware

A hand holds a mobile phone displaying the green-and-white WhatsApp logo
WhatsApp’s CEO has spoken out about Pegasus malware.

  • WhatsApp CEO Will Cathcart told The Guardian that officials of US allies were malware targets.
  • WhatsApp sued NSO Group in 2019, saying the Israeli company sent malware to 1,400 devices.
  • “There is no such thing as an encryption backdoor for just the good guys,” Cathcart said.
  • See more stories on Insider’s business page.

WhatsApp CEO Will Cathcart said senior government officials of US allies, including some in national-security roles, were targets of Pegasus phone malware in 2019.

Cathcart’s statements, which were featured in an interview by The Guardian on Sunday, followed reports last week from the Pegasus Project, a consortium that included The Guardian, The Washington Post, and Amnesty International.

The reports said an Israeli company sold access to military-grade spyware, which was used to hack the phones of journalists, activists, and government officials.

NSO Group, the company behind the Pegasus software, denied the phone numbers leaked to the consortium were Pegasus targets.

WhatsApp sued NSO Group in October 2019, saying about 1,400 mobile devices running the app were targeted by the company’s surveillance software.

According to the complaint, NSO Group had gained access to WhatsApp’s servers to target “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.” The lawsuit is ongoing.

“The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart told The Guardian.

There were more than 50,000 phone numbers on a leaked list of potential Pegasus targets, although it was unclear how many had actually been targeted, Forbidden Stories said. The list included numbers for French president Emmanuel Macron, Pakistani prime minister Imran Khan, and South African president Cyril Ramaphosa, Amnesty International said.

NSO Group said the consortium’s reports were inaccurate, denying the numbers on the list were targets or potential targets of Pegasus. It said it would no longer reply to media questions about the software.

“The numbers in the list are not related to NSO group,” the company said in a statement on Wednesday under the headline Enough is Enough. “Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false.”

The Pegasus software was designed to “covertly collect information about your target’s relationships, location, phone calls, plans and activities – whenever and wherever they are,” according to a product description included as an exhibit in WhatsApp’s 2019 lawsuit.

The software tracked GPS locations, monitored voice and VoIP calls, and collected other information, the description said. It also “[l]eaves no trace on the device.”

The software was reportedly sold to governments.

“There is no such thing as an encryption backdoor for just the good guys,” Cathcart said on Twitter last week. “A backdoor would be abused. And a backdoor would be a gift to hackers, criminals, spyware companies, and hostile governments, with dangerous consequences for safety and security.”

Read the original article on Business Insider

Spyware successfully broke into journalists’ iPhones by sending iMessages that didn’t even need to be read

iPhone 12
Amnesty International found evidence of iPhones being hacked with “zero-click” attacks.

  • An Amnesty report says NSO Group sold spyware then used to target journalists and activists.
  • The spyware successfully infected victims’ iPhones by exploit flaws in iMessage.
  • Amnesty said its findings suggest all iPhones and iOS updates are vulnerable to attack.
  • See more stories on Insider’s business page.

A forensic analysis by Amnesty International found a type of military-grade spyware was used to successfully break into journalists’ iPhones, apparently by sending iMessages that didn’t even need to be clicked.

The spyware is made by Israeli company NSO Group, a private firm that sells advanced hacking tools to clients including governments.

A group of 17 media outlets and Amnesty International published a report Sunday claiming NSO Group’s Pegasus software was used by its clients to hack the phones of at least 37 journalists, activists, politicians, and business executives around the world.

NSO Group strongly denied the report, claiming it contained factual inaccuracies and lacked evidence.

Amnesty International published a forensic methodology report of how it analyzed targets’ phones to discover whether they had been compromised by Pegasus.

The organization found evidence of “zero-click” iMessage attacks being targeted at journalists going back to 2018, with alarming implications for iPhone security. Zero-click attacks don’t require any interaction from the victim to break into a phone.

Amnesty said it analyzed a fully updated iPhone 12 belonging to an Indian journalist which showed signs of “successful compromise” following a zero-click attack as recently as June 16, 2021.

“These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the report warns.

Read more: Phone-hacking spyware startup NSO Group claimed US and French security experts would advise on human rights. All three advisors left the company within a year.

Bill Marczak, a research fellow at the University of Toronto’s digital surveillance specialists Citizen Lab, said on Twitter the lab likewise found evidence of zero-click message attacks being used to break into the latest iPhones.

Marczak said some of the zero-click attacks exploited Apple’s ImageIO, which allows Apple devices to read and display images.

Amnesty also found evidence of a zero-click attack targeted at an Azerbaijani journalist in 2020 involving Apple Music. Amnesty said its analysis couldn’t ascertain whether Apple Music was used to infect the phone, or if the exploit began with a different app.

Amnesty said it reported its findings to Apple, which said it would investigate the matter.

The organization said NSO Group clients had previously relied on attacks that would send a malicious link to a victim, whose device would become infected once they click on it.

Apple said in a statement that the iPhone remains one of the safest consumer devices.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Apple security engineering chief Ivan Krstić said in a statement, adding that Apple prioritized security updates and that the majority of users were not at risk.

NSO Group said its software is used to fight terrorism and crime. It also said once it sells its products to customers, it does not operate them and has no insight into how they’re deployed. It was not immediately available for comment when contacted by Insider.

NSO Group has been accused previously of facilitating hacks on journalists.

Facebook sued NSO Group in October 2019, saying the company’s tools were used to hack WhatsApp accounts for journalists, politicians, human rights activists, and more. The alleged attack only required hackers to call victims on WhatsApp to infiltrate their phones.

Read the original article on Business Insider

Israeli military-grade spy software was used to hack phones of journalists, activists, executives, and 2 women connected to murdered journalist Jamal Khashoggi, a report says

Woman holds phone outside NSO Group in Herzliya
An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group, on August 28, 2016, in Herzliya, near Tel Aviv.

  • Military-grade spyware technology was used to hack the smartphones of journalists, activists, and executives, The Washington Post reported.
  • Some of the affected journalists worked at outlets including CNN and The New York Times.
  • The 37 numbers appeared on a list of 50,000 phone numbers in countries with a history of conducting surveillance on their own citizens, according to the report.
  • See more stories on Insider’s business page.

Military-grade spyware technology software created by an Israeli company that sells it to governments for the purpose of countering terrorism and criminal activity was used to target the smartphones of 37 journalists, activists, and business executives, the Washington Post reported Sunday.

The investigation was conducted by the Post and 16 other media partners, according to the report.

Among those who were the subject of attempted smartphone hacking, which used software called Pegasus, include journalists working at CNN, the Associated Press, the New York Times. the Wall Street Journal, Bloomberg, and Voice of America in the US. Targets also included journalists working for Le Monde in France, the Financial Times in London, and Al Jazeera in Qatar, according to the Post report.

Two women connected to the Saudi journalist Jamal Khashoggi, who was murdered in October 2018 in a Saudi consulate in Istanbul, were also on the list, according to the report.

The 37 numbers appeared on a list of 50,000 phone numbers originating mostly from countries with a history of conducting surveillance on their own citizens and those who have a relationship with the Israeli cyber-surveillance firm NSO Group, which created and sells the Pegasus software, according to the Post.

The list was shared with media outlets by the Paris-based non-profit Forbidden Stories and by Amnesty International, according to the report.

The list does not identify who placed the numbers on it. More than 15,000 of the phone numbers on the list were from Mexico while another sizable chunk of numbers came from the Middle Eastern countries, including the United Arab Emirates, Qatar, Saudi Arabia, Bahrain, and Yemen, according to the Post.

Read the full story at The Washington Post

Read the original article on Business Insider

Dozens of Al Jazeera journalists’ iPhones were hacked using spyware from Israeli security company NSO Group, report claims

iphone 12
  • Sophisticated spyware was used to hack the phones of 36 Al Jazeera journalists, Citizen Lab said in a new report.
  • Citizen Lab said the hack, which it dubbed “Kismet,” could be traced back to software made by Israeli security company NSO Group.
  • NSO Group denied any involvement.
  • Citizen Lab said it believed the hack was ineffective against iPhones with the iOS 14 update, but that the scale of the hack prior to that update could be worryingly large.
  • Visit Business Insider’s homepage for more stories.

Journalists at news organization Al Jazeera were targeted by an iPhone hack that sent iMessages loaded with malware, the University of Toronto’s Citizen Lab reports.

The hacking tool, dubbed “Kismet,” was a zero-click, zero-day hack, meaning Apple had no idea the exploit existed, and the malware didn’t need targets to click on anything for it to take effect.

Citizen Lab said the attack used the “Pegasus” software made by well-known Israeli security company NSO Group. 

Citizen Lab said it had identified four separate entities using Pegasus in the attack. It said it could, with “medium confidence,” link one of the four to Saudi Arabia, and another to the United Arab Emirates.

In a statement to Business Insider, NSO Group denied involvement, saying Citizen Lab’s report was based on “speculation.”

“NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, and as stated in the past we do not operate them,” a spokesperson for NSO Group said.

“However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations,” they added.

This isn’t the first time NSO Group’s Pegasus software has been linked with hacking journalists’ phones.

In June of this year, Amnesty International said Pegasus had been used by the Moroccan government to hack a Moroccan journalist’s phone. NSO Group did not confirm nor deny the claims, and promised to investigate.

In October last year, Facebook filed a lawsuit against the company claiming its software was used to perpetrate a large-scale hack of WhatsApp users, including journalists and human rights activists. NSO is fighting the lawsuit. 

Citizen Lab said it believed the hack was ineffective against iPhones with the iOS 14 update, but that the scale of the hack prior to that update rolling out could be worryingly large.

“Given the global reach of NSO Group’s customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a minuscule fraction of the total attacks leveraging this exploit,” Citizen Lab said in its report.

While Citizen Lab first detected Kismet in July 2020, it said device logs suggest the hack was being used as far back as October 2019.

An Apple spokesperson told Business Insider that iOS 14, which was launched in September of this year, was more robust.

“At Apple, our teams work tirelessly to strengthen the security of our users’ data and devices. iOS 14 is a major leap forward in security and delivered new protections against these kinds of attacks. The attack described in the research was highly targeted by nation states against specific individuals. We always urge customers to download the latest version of the software to protect themselves and their data,” the spokesperson said.

Read the original article on Business Insider