A British human rights lawyer said Tuesday he believed his phone was targeted with Israeli-developed spyware through the WhatsApp messaging application in order to obtain information on his work.
Earlier, WhatsApp said spyware crafted by an “advanced cyber actor” infected multiple targeted mobile phones through the app without any user intervention through in-app voice calls. The Financial Times identified the actor as Israel’s NSO Group, and a WhatsApp spokesman later said “we’re certainly not refuting any of the coverage you’ve seen.”
The lawyer, who declined to be named, is currently part of a lawsuit against Israeli firm NSO Group over its development of software that has reportedly been used to target political dissidents.
“It is upsetting but it is not surprising. Someone has to be quite desperate to target a lawyer, and to use the technology that is the very subject of the lawsuit,” he told the Guardian.
He said after receiving a number of suspicious WhatsApp calls early in the morning a few months ago, he contacted researchers at the University of Toronto’s Citizen Lab, an internet watchdog.
“They started their own investigation and they were also talking to WhatsApp, who had also noticed irregular activity on other phones,” the lawyer said.
“Over the weekend Citizen Lab was able to establish that there has been an attempt to target my phone using Pegasus. Citizen Lab told me on Sunday night that this was an attempt to target me,” he added, referring to malware developed by NSO.
He said he did not believe the effort to hack his phone was done by a government. However, he did not say who he believed was responsible.
The Israeli firm strongly denied it was behind the attempted phone hacking.
“NSO would not or could not use its technology in its own right to target any person or organisation, including this individual,” it said in statement to the Guardian.
According to WhatsApp, which is owned by Facebook, the malware is able to penetrate phones through missed calls alone via the app’s voice calling function. An unknown number of people — an amount in the dozens at least would not be inaccurate — were infected with the malware, which the WhatsApp said it discovered in early May, said a company spokesman, who was not authorized to be quoted by name.
John Scott-Railton, a researcher with Citizen Lab, called the hack “a very scary vulnerability.”
“There’s nothing a user could have done here, short of not having the app,” he said.
The WhatsApp spokesman said the attack had “all the hallmarks of a private company that has been known to work with governments to deliver spyware that has the ability to take over mobile phone operating systems.”
The spokesman said WhatsApp, which has more than 1.5 billion users, immediately contacted Citizen Lab and human rights groups, quickly fixed the issue and pushed out a patch. He said WhatsApp also provided information to US law enforcement officials to assist in their investigation.
He said the flaw was discovered while “our team was putting some additional security enhancements to our voice calls” and that engineers found that people targeted for infection “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped.”
“We are deeply concerned about the abuse of such capabilities,” WhatsApp said in a statement.
The revelation adds to the questions over the reach of the Israeli company’s powerful spyware, which can hijack smartphones, control their cameras and effectively turn them into pocket-sized surveillance devices.
NSO’s spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents. Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are currently suing NSO in an Israeli court over the hacking.
In a statement, a spokesperson for NSO did not deny that it was behind the software that exploited the vulnerability in WhatsApp.
“NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions,” the statement said.
“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” it added.
On Monday, Amnesty International — which said last year that one its staffers was also targeted with the spyware — said it would join in a legal bid to force Israel’s Defense Ministry to suspend NSO’s export license.