Vulnerabilities in modern tech are unavoidable. However, in the recent past, tech vulnerabilities relied to some extent upon the interaction of the user. Today’s tech exploits may not even need that interaction, as WhatsApp’s suit against an Israeli tech firm highlights. The company that WhatsApp intends to sue is responsible for the development of a technology that allows malicious users to access users’ WhatsApp conversation data, upload it to a cloud server, and then wipe all traces that it was on the phone. It can achieve this through a simple phone call from an overseas number that doesn’t even show up in the call logs the next day.
Spyware Injection into Phones Without Interaction
WhatsApp tracked the malicious software after they detected a series of suspicious phone calls emanating from Israel, Sweden, the Netherlands, and other countries. The voice and video calls didn’t even need to be answered to inject the spyware onto the phone. Today WhatsApp announced that the spyware, which they had stated before, was built by a commercial entity, was traceable to the Israeli firm NSO Group. The Israeli company is a known manufacturer of spyware that has been utilized by both governments and private organizations previously. NSO Group has come out disputing the claims, stating unequivocally that they had nothing to do with the development of this particular malware.
While the extent of the individuals that have been affected by the malware is not yet known, the lists of names include several religious leaders and political activists. The Citizen Lab’s research into the event has revealed that at least a hundred individuals in over twenty countries have had their phones compromised by the malware. It remains one of the most significant attacks on civil society’s personal data using technology. In some cases, it could lead to specific individuals being targeted by their enemies for their speech through the encrypted app.