WhatsApp recently filed a lawsuit against NSO Group, an Israeli firm that specialises in the development of hacking tools. The Facebook-controlled messaging app alleges that the group had built and sold off a hacking platform called Pegasus to specifically exploit a flaw inside WhatsApp’s server.
According to Reuters, the tool allowed NSO Group to help its clients to hack into WhatsApp’s servers and compromised over 1400 of the app’s users between the period of 29 April and 10 May 2019. Bear in mind, that number is merely an estimate, according to a London-based human rights lawyer.
What compounds the severity of the issue are the victims that were affected by the hacking tool; Reuters reports that several senior government officials from multiple countries – all US allies – were targeted in the hack. Specifically, that list includes the UAE, Bahrain, Mexico, and India, to name a few.
At the time of writing, the Israeli government has denied any involvement in NSO Group’s hack attack. It explains that the company is a “private player using capabilities that Israelis have”, but also clarified that the company could find itself in court if the country’s security cabinet finds that it has done something that is “forbidden”.
It shouldn’t come as a surprise that this isn’t the only vulnerability that WhatsApp has. Back in May, an exploit enabled hackers to inject spyware via the messaging app simply by getting a voice call. Worse still, recipients don’t even need to pick up the call for the spyware to run its course.