WhatsApp Claims it Thwarted an NSO Spyware Campaign

Knowledge Base

Recommendations

Activism

Articles

Videos

News

Forum

Wiki

About

WhatsApp Claims it Thwarted an NSO Spyware Campaign

WhatsApp claims they detected and stopped an NSO spyware campaign against its users.<br>NSO Group is an infamous Israeli spyware company that sells to oppressive governments to use against the most people in society.<br>They are behind the Pegasus spyware that made global headlines back in 2021 and even to this day, with "world leaders, politicians, human rights defenders (HRDs), and journalists" targeted by it, according to Amnesty International.<br>The type of state-backed spyware that NSO Group specialize relies on zero-day exploits in software; that is, exploits that the developer of the software isn't aware of yet.<br>Because of the security improvements that modern operating systems, especially iOS and Android, have made, typically you need a chain of these exploits to work together to compromise a device.<br>The combination of these factors makes anything that can compromise an iPhone or Android phone quite valuable, and once they're used, they might be discovered by the software vendors and patched. Hence why they're typically only sold to governments with near-unlimited budgets and used in highly targeted attacks against individuals.<br>We successfully disrupted NSO-linked social engineering attempts, after investigating user reports. They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down.<br>WhatsApp had previously prevented an attack from NSO in 2019.<br>WhatsApp has taken a particular stance against NSO Group, winning a "landmark verdict" against the spyware vendor, barring them from using it against WhatsApp users ever again.<br>This attack constitutes a blatant violation of this ruling and as such, WhatsApp is asking the courts to hold them accountable.<br>Ultimately, though, malicious actors like NSO Group operate outside the law and the only way to truly protect against them is for software vendors to improve the security of their apps.<br>Apple has done work in iMessage such as BlastDoor and Lockdown Mode to make attacks more difficult.<br>Signal takes advantage of operating system-provided features like Apple's Memory Integrity Enforcement.<br>WhatsApp itself has worked toward improving security in the app by adding a memory-safe, hardened media library to protect against malicious media files and a lockdown mode-style feature called Strict Account Settings that will enforce secure settings on your account.<br>These are all good steps but we need greater adoption of memory-safe languages and sandboxing to protect against state-backed malware.

Share this story:

Fria Reyes

Fria is a privacy advocate and synthwave enthusiast who has been volunteering with Privacy Guides since 2023. They are an unapologetic tech optimist, and believes with the right technology we can solve any problem.

More from this author

Community Discussion