Firm tied to WhatsApp spying previously flagged in SA

The company allegedly at the centre of a spyware attack using a vulnerability in WhatsApp’s security features has previously been flagged as being linked to spyware infections in South Africa.

A 2018 report titled ‘Hide and Seek’ published by The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto in Canada, which helped to uncover the recent WhatsApp breach, identified 45 countries — including South Africa and other African nations — with suspected Pegasus spyware infections.

Pegasus — a tool that can turn on a phone’s microphone and camera, allowing an attacker to monitor a target’s calls, emails and contacts — was developed by Israeli technology firm NSO Group, thought to be responsible for the surveillance software installed on an unknown number of smartphones using a loophole in WhatsApp’s security features.

Suspected Pegasus infections were also identified in Algeria, Cote d’Ivoire, Egypt, Kenya, Libya, Morocco, Rwanda, Togo, Tunisia, Uganda and Zambia.

At the time of the report’s publication, NSO Group said in a statement to Citizen Lab: “Our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws.” It added that there are “multiple problems” with the Citizen Lab report, and that the list of 45 countries is inaccurate.

On Tuesday, theFinancial Times reported that WhatsApp had discovered a vulnerability that allowed spyware to be installed into a user’s phone through the messaging app’s phone call function.

WhatsApp, which is used by 1.5-billion people, is owned by Facebook, which has come under fire in recent years for its own porous privacy policies.

According to the Financial Times report WhatsApp discovered the security flaw earlier this month. The vulnerability reportedly enabled attackers to install surveillance software on smartphones by ringing up targets using the app’s phone call function.

The software was reportedly developed by the NSO Group which is facing legal action over Pegasus.

In August last year, The New York Times reported that the NSO group is at the centre of two lawsuits accusing the company of actively participating in illegal spying.

One lawsuit reportedly alleges that journalists and activists have been targeted by surveillance technology sold to the Mexican government by NSO.

The lawsuits also reportedly argue that an affiliate of the NSO Group attempted to spy on foreign government officials in the United Arab Emirates four years ago.

According to the New York Times article, the technology used by the NSO affiliate works by sending text messages to a target’s phone, hoping to bait the person into clicking on them. If the user does, Pegasus is secretly downloaded. It works on phones running Android, BlackBerry OS, and iOS operating software..

READ MORE: South African phones targeted by notorious ‘governments only’ spyware

NSO has reportedly previously rebuffed claims that it actively enabled governments to spy on their citizens, repeatedly asserting that it merely sells the technology to governments which agree to deploy it exclusively against criminals.

On Tuesday, WhatsApp reportedly encouraged users to update to the latest version of the app, which was published on Monday.

According to the Financial Times, WhatsApp said in a statement: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can and to work with them to notify civil society.”

When asked about the WhatsApp attacks by the Financial Times, NSO reportedly said it was investigating the issue: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

READ MORE: State agency lied to spy on reporter

South African surveillance researcher Murray Hunter reiterated the importance of updating applications as a measure to prevent spyware infections. But Hunter also emphasised the role of government in disclosing its hacking capabilities in getting to the bottom of the extent of spyware abuses.

Hunter told the Mail & Guardian that because of the secrecy around surveillance operations, South Africans “know very little” about the extent to which spyware is being used to unlawfully monitor their devices.

“In the South African context there is evidence that the government has hacking capabilities using spyware … But there is no law regulating how they would use those capabilities. They have never admitted to having those capabilities,” Hunter said on Tuesday.

“So the public is in a situation where we know that these things happen. We know that in other places they have been abused. We know that there are traces of foreign-made software in our networks. But we actually have no clarity on who is doing it, what guidelines they are governed by and what is spent on it.”

Hunter said that — though governments may justify the secrecy around surveillance operations by saying that they are very sensitive and a matter of national security — civil society is calling for basic disclosures about what the government can and cannot do “and the legacy of spying abuses in South Africa against whistleblowers, journalists and activists as well as the general public”.

He added that South Africans cannot rely on private companies to protect their data and so must call on government to do so.

“They [private companies] have a history of putting profit over privacy. That is essentially why they exist and firms like NSO have shown that they will sell their software to the most abusive and roguish states in the world,” Hunter said.

“So you can never trust them to do the right thing. And that is why we have to demand that governments like ours actually show citizens that they will do whatever is necessary to protect us.”

Sarah Smit
Sarah Smit
Sarah Smit is a general news reporter at the Mail & Guardian. She covers topics relating to labour, corruption and the law.

Hlophe complaint is an eerie echo

But the new complaint against the Western Cape judge president is also unprecedented

Mabuza contract grows by R10m

Eskom’s negotiators in a R100-million maintenance contract came back with a proposal to push up the costs

‘There were no marks on his neck’, Neil Aggett inquest...

The trade unionist’s partner at the time he was detained at John Vorster Square says she now believes his death was not a suicide

Study unpacks the ‘hidden racism’ at Stellenbosch

Students say they feel unseen and unheard at the university because of their skin colour

Press Releases

Gender-based violence is an affront to our humanity

Gender-based violence is an affront to our humanity

UK-Africa investment summit 2020: Think Africa Invest SA

UK-Africa investment summit 2020: Think Africa Invest SA

MTN unveils TikTok bundles

Customised MTN TikTok data bundles are available to all prepaid customers on *136*2#.

Marketers need to reinvent themselves

Marketing is an exciting discipline, offering the perfect fit for individuals who are equally interested in business, human dynamics and strategic thinking. But the...

Upskill yourself to land your dream job in 2020

If you received admission to an IIE Higher Certificate qualification, once you have graduated, you can articulate to an IIE Diploma and then IIE Bachelor's degree at IIE Rosebank College.

South Africans unsure of what to expect in 2020

Almost half (49%) of South Africans, 15 years and older, agree or strongly agree that they view 2020 with optimism.

KZN teacher educators jet off to Columbia University

A group of academics were selected as participants of the programme focused on PhD completion, mobility, supervision capacity development and the generation of high-impact research.

New-style star accretion bursts dazzle astronomers

Associate Professor James O Chibueze and Dr SP van den Heever are part of an international team of astronomers studying the G358-MM1 high-mass protostar.