Today should be a wake-up call for those with smartphones after it was revealed that the popular Whatsapp mobile phone application had been compromised with sophisticated spyware.
Cyber attackers were apparently able to install spyware on WhatsApp through its voice call function, even if the user did not pick up the call, the company confirmed [Sky News / BBC].
Dozens of WhatsApp users, including human rights organisations and a UK-based lawyer, may have been targeted in the attack which exploited a major vulnerability in the app in an attempt to take over the operating system.
The breach was discovered in early May, though no specific date has been made public, and has since been fixed. But WhatsApp, which claims to have more than 1.5 billion users, has urged people to update their app to the latest version of the software.
Citizen Lab at the University of Toronto said an attacker attempted to exploit the app, and was blocked, as recently as Sunday evening.
The Financial Times reported the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.
However, NSO Group has distanced itself from direct involvement. In a statement it said, "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies."
"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer)."
While NSO may not be directly involved, the company is known to sell its technology to third parties particularly foreign governments.
In 2018 a series of reports [Foreign Policy / CitizenLab] said NSO technology had been employed in the targeting of Ahmed Mansoor, a a well-known human rights activist in the United Arab Emirates.
At around the same time Mansoor had his passport confiscated, his car stolen, his email hacked, his location tracked, his bank account emptied, and was beaten by strangers twice in the same week.
Within a year Mansoor had been detained and subsequently jailed for ten years.
This year the New York Times reported that in 2017 Saud al-Qahtani, then a top adviser to Saudi Arabia's powerful crown prince, was tracking Saudi dissidents around the world and was using NSO Group's technology to aid his search. It is suspected that Saud al-Qahtani's extensive surveillance efforts ultimately led to the killing of the journalist Jamal Khashoggi.
It's not just Arab states that are employing NSO's software. According to CitizenLab at least 45 countries were using Israel-based "Cyber Warfare" vendor NSO Group's mobile phone spyware suite called Pegasus.
In the past the focus has been on weapons manufacturers and governments who have been selling arms and military equipment to questionable governments around the world.
While such issues are no less important, it is clear that cyber-weapons pose a significant threat also.
The sale of such software to governments might well be legal. But there are certainly moral questions that should be answered if such technology is being used to illegally target arguably innocent citizens and detain them.
There is also the risk that such software is more difficult to control in terms of its escape into the wild. While guns, tanks and aircraft can be smuggled and sold to dubious organisations and groups outside of government control it is more difficult than disseminating code which can simply be emailed or passed to others on something as small as a memory card or USB thumb drive.
Cyber attackers were apparently able to install spyware on WhatsApp through its voice call function, even if the user did not pick up the call, the company confirmed [Sky News / BBC].
Dozens of WhatsApp users, including human rights organisations and a UK-based lawyer, may have been targeted in the attack which exploited a major vulnerability in the app in an attempt to take over the operating system.
The breach was discovered in early May, though no specific date has been made public, and has since been fixed. But WhatsApp, which claims to have more than 1.5 billion users, has urged people to update their app to the latest version of the software.
Citizen Lab at the University of Toronto said an attacker attempted to exploit the app, and was blocked, as recently as Sunday evening.
The Financial Times reported the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.
However, NSO Group has distanced itself from direct involvement. In a statement it said, "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies."
"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer)."
While NSO may not be directly involved, the company is known to sell its technology to third parties particularly foreign governments.
In 2018 a series of reports [Foreign Policy / CitizenLab] said NSO technology had been employed in the targeting of Ahmed Mansoor, a a well-known human rights activist in the United Arab Emirates.
At around the same time Mansoor had his passport confiscated, his car stolen, his email hacked, his location tracked, his bank account emptied, and was beaten by strangers twice in the same week.
Within a year Mansoor had been detained and subsequently jailed for ten years.
This year the New York Times reported that in 2017 Saud al-Qahtani, then a top adviser to Saudi Arabia's powerful crown prince, was tracking Saudi dissidents around the world and was using NSO Group's technology to aid his search. It is suspected that Saud al-Qahtani's extensive surveillance efforts ultimately led to the killing of the journalist Jamal Khashoggi.
It's not just Arab states that are employing NSO's software. According to CitizenLab at least 45 countries were using Israel-based "Cyber Warfare" vendor NSO Group's mobile phone spyware suite called Pegasus.
In the past the focus has been on weapons manufacturers and governments who have been selling arms and military equipment to questionable governments around the world.
While such issues are no less important, it is clear that cyber-weapons pose a significant threat also.
The sale of such software to governments might well be legal. But there are certainly moral questions that should be answered if such technology is being used to illegally target arguably innocent citizens and detain them.
There is also the risk that such software is more difficult to control in terms of its escape into the wild. While guns, tanks and aircraft can be smuggled and sold to dubious organisations and groups outside of government control it is more difficult than disseminating code which can simply be emailed or passed to others on something as small as a memory card or USB thumb drive.
tvnewswatch, London, UK
No comments:
Post a Comment