Vulnerability in WhatsApp: Targeting human rights activists

05/14/2019
G DATA Blog

According to his own statements, a London human rights lawyer has become the target of an attack with an espionage tool. A security vulnerability in Whatsapp made it possible to taget data on a compromised device.

Spying by phone call - what may sound strange has been reality for quite some time, with a security hole in Apple's Facetime making headlines earlier this year. According to a report by the New York Times, in one current case a spy only had to make a whatsapp call to gain access to the data of a device. This was made possible by a security hole in Whatsapp's voice call function. The vulnerability has now been fixed. Users should therefore install the Whatsapp update immediately in order to protect themselves.

Questionable ethics

The suspected manufacturer of the tool, the Israel-based NSO Group, has already caused a stir in the past with its spyware software Pegasus. The company claims to license its technologies exclusively to government agencies for the purpose of fighting terrorism or assisting in law enforcement. According to the NSO group, an "internal ethics committee" ensures that the solution is not misused.
In the past, however, cases have repeatedly come to light in which NSO technologies were used to spy on and bring to court human rights activists in countries such as the United Arab Emirates. Other countries with a questionable track record as far as human rights are concerned, also appear to be part of NSO's roster of customers. The company's assertions of ethical conduct should therefore be questioned critically. In the eyes of a repressive regime, for example, human rights activists or political dissidents  can quickly fall into the category of "terrorists" - this alwas depends on how broadly a government defines the term "terrorism".

Not an isolated case

Realistically speaking, the manufacturer of such a tool does not have a handle when it comes to its use. Similarly, a hand tool manufacturer has no influence on manner in which the tools are being used. Whatsapp has already issued a warning to human rights organisations around the world, as it is expected that the London lawyer is not th eonly person on the target list. Many of these organisations also use alternative messenger platforms such as Signal. For private purposes, however, Whatsapp is used often enough - with over 1.5 billion users, Whatsapp is the most widely used instant messaging service. Whatsapp has been part of the Facebook group of companies since 2014.

Install updates

The human rights lawyer, who wishes to remain anonymous at his own request, has also been involved in cases involving the use of NSO technologies in the past. Whatsapp is considered a chat program with solid security. A few years ago, the company adopted the Signal messenger service's exemplary encryption. However, the company is often criticized for exchanging user data with its parent company Facebook.

Tim Berghoff
Security Evangelist