Israeli spyware company that sold snooping software to Saudi Arabia, UAE linked to WhatsApp hack

Code developed by the NSO Group, an Israeli spyware company whose software was linked to Jamal Khashoggi's murder, has been implicated in a global WhatsApp hack.
4 min read
14 May, 2019
NSO previously sold hacking software to Saudi Arabia and the UAE [Getty]
An Israeli spyware company already embroiled in lawsuits over its sale of hacking software to authoritarian regimes developed a vulnerability in WhatsApp to hack mobile phones this month, the messaging app service alleged on Monday.

The spyware company, NSO Group, came to prominence last year when it was revealed that hacking software it had sold to Saudi Arabia was allegedly used to hack the phone of an associate of Jamal Khashoggi.

The hacking of Saudi dissident Abdulaziz's phone with the company's Pegasus spyware played a key role in the murder of Khashoggi, The New York Times concluded.

Abdulaziz has since launched a lawsuit against NSO, in addition to a group of Mexican journalists and activists and a Qatari journalist.

More than a billion vulnerable users

WhatsApp, a messaging and call app used by more than a billion people worldwide, discovered early this month that attackers had been able to install surveillance software on both iPhones and Android phones simply by calling targets through the app.

The code, developed by NSO, could be transferred onto phones even if users did not answer the call, a spyware technology dealer briefed on the hack told The Financial Times.

The calls often disappeared from call logs, leaving no evidence of the source of the hack, the spyware dealer added.

WhatsApp engineers were racing against time to close the breach that allowed the hack as late as Sunday, when a phone belonging to a UK-based lawyer involved in a case against NSO was allegedly hacked.

The unidentified lawyer represented Abdulaziz and a group of Mexican journalists and activists in a Cyprus-based lawsuit against the spyware company.

Canadian research group Citizen Lab said they believed the attack on the lawyer was linked to the WhatsApp breach.

Citizen Lab gained attention in 2018 for its repeated investigations of NSO, whose Pegasus spyware researchers say was used to target activists in the Middle East.

"We had a strong suspicion that the person’s phone was being targeted, so we observed the suspected attack, and confirmed that it did not result in infection," John Scott-Railton, a senior researcher with Citizen Lab, told the FT.

"We believe that the measures that WhatsApp put in place in the last several days prevented the attacks from being successful."

'Spies' linked to NSO reports

Other lawyers involved in cases against NSO, as well as Citizen Lab researchers, have been targeted by "spies".

Eyad Hamid, a journalist with The New Arab's Arabic service, was twice approached by an unidentified agent after covering the UAE's use of NSO's Pegasus spyware in the hacking of phones belonging to Qatari Emir Tamim al-Thani and Lebanese Prime Minister Saad al-Hariri, among others.

The agent had initially approached Hamid claiming she worked for an organisation, "MGP Management Group", which offered scholarships to Syrian students.

Further investigation suggests "MGP Management" either does not exist or is a front group.

During the "application process", the agent pressured Hamid to divulge information about his sources and to say his reporting had been "directed by the highest authorities of Qatar".

Amnesty challenge

NSO is now facing another lawsuit, this time challenging the company's ability to export hacking software.

Amnesty International, which said it identified an attempt to hack the phone of one of its researchers, will on Tuesday file a case with the Tel Aviv District Court demanding the Israeli ministry of defence revoke the company's export license.

Israel has put human rights at risk by allowing the export of NSO spyware technologies to countries such as Saudi Arabia and the UAE, Amnesty said.

Saudi Arabia and the UAE have allegedly used Israeli spyware to track various Saudi activists, including Omar Abdulaziz, Yahya Assiri, Ghanem al-Masarir, and award-winning Emirati human rights campaigner Ahmed Mansoor.

"The attack on Amnesty International was the final straw," Danna Ingleton, deputy director of Amnesty Tech, told the FT.

"As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International's staff and that of other activists, journalists and dissidents around the world is at risk."

WhatsApp has since rolled out an update closing the vulnerability that allowed the hack of an undisclosed number of phones.