WhatsApp, which prides itself on its encrypted messaging capabilities, has filed a complaint in a California court accusing spyware company NSO Group and its parent company Q Cyber Technologies of targeting at least 1,400 users across the world.
What WhatsApp has claimed
WhatsApp claims it detected the attack in May 2019 and found that NSO exploited a “buffer overflow vulnerability in WhatsApp VOIP stack” to send its Pegasus malware to the target devices, even without the users answering the calls they received.
WhatsApp has roped in cyber security experts at the Citizen Lab, an academic research group based at the University of Toronto’s Munk School, to learn more about the attack. As part of their investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe.
The Citizen Lab says “NSO Group / Q Cyber Technologies’ flagship spyware” has many names and Pegasus is just one of the commonly used one. It is also called Q Suite and can infiltrate both iOS and Android devices. To spy on a target, operators use multiple vectors to penetrate security features in operating systems and silently install Pegasus without the user’s knowledge or permission. While in this case the vector was a missed WhatsApp Call, Citizen Lab claims its has identified other cases, which include “tricking targets into clicking on a link using social engineering”. Once installed, Pegasus can start contacting the operator’s command and control (C&C) servers to receive and execute commands as well as send back critical information including passwords and text messages. It can also help the operator turn on the camera or microphone of the device and even track location in real time. It has been designed to avoid leaving footprints and also use minimum bandwidth.
Source: The Indian Express
Relevant for GS Prelims & Mains Paper III; Internal Security