Firm tied to WhatsApp spying previously flagged in SA

The company allegedly at the centre of a spyware attack using a vulnerability in WhatsApp’s security features has previously been flagged as being linked to spyware infections in South Africa.

A 2018 report titled ‘Hide and Seek’ published by The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto in Canada, which helped to uncover the recent WhatsApp breach, identified 45 countries — including South Africa and other African nations — with suspected Pegasus spyware infections.

Pegasus — a tool that can turn on a phone’s microphone and camera, allowing an attacker to monitor a target’s calls, emails and contacts — was developed by Israeli technology firm NSO Group, thought to be responsible for the surveillance software installed on an unknown number of smartphones using a loophole in WhatsApp’s security features.

Suspected Pegasus infections were also identified in Algeria, Cote d’Ivoire, Egypt, Kenya, Libya, Morocco, Rwanda, Togo, Tunisia, Uganda and Zambia.

At the time of the report’s publication, NSO Group said in a statement to Citizen Lab: “Our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws.” It added that there are “multiple problems” with the Citizen Lab report, and that the list of 45 countries is inaccurate.

On Tuesday, theFinancial Times reported that WhatsApp had discovered a vulnerability that allowed spyware to be installed into a user’s phone through the messaging app’s phone call function.

WhatsApp, which is used by 1.5-billion people, is owned by Facebook, which has come under fire in recent years for its own porous privacy policies.

According to the Financial Times report WhatsApp discovered the security flaw earlier this month. The vulnerability reportedly enabled attackers to install surveillance software on smartphones by ringing up targets using the app’s phone call function.

The software was reportedly developed by the NSO Group which is facing legal action over Pegasus.

In August last year, The New York Times reported that the NSO group is at the centre of two lawsuits accusing the company of actively participating in illegal spying.

One lawsuit reportedly alleges that journalists and activists have been targeted by surveillance technology sold to the Mexican government by NSO.

The lawsuits also reportedly argue that an affiliate of the NSO Group attempted to spy on foreign government officials in the United Arab Emirates four years ago.

According to the New York Times article, the technology used by the NSO affiliate works by sending text messages to a target’s phone, hoping to bait the person into clicking on them. If the user does, Pegasus is secretly downloaded. It works on phones running Android, BlackBerry OS, and iOS operating software..

READ MORE: South African phones targeted by notorious ‘governments only’ spyware

NSO has reportedly previously rebuffed claims that it actively enabled governments to spy on their citizens, repeatedly asserting that it merely sells the technology to governments which agree to deploy it exclusively against criminals.

On Tuesday, WhatsApp reportedly encouraged users to update to the latest version of the app, which was published on Monday.

According to the Financial Times, WhatsApp said in a statement: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can and to work with them to notify civil society.”

When asked about the WhatsApp attacks by the Financial Times, NSO reportedly said it was investigating the issue: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

READ MORE: State agency lied to spy on reporter

South African surveillance researcher Murray Hunter reiterated the importance of updating applications as a measure to prevent spyware infections. But Hunter also emphasised the role of government in disclosing its hacking capabilities in getting to the bottom of the extent of spyware abuses.

Hunter told the Mail & Guardian that because of the secrecy around surveillance operations, South Africans “know very little” about the extent to which spyware is being used to unlawfully monitor their devices.

“In the South African context there is evidence that the government has hacking capabilities using spyware … But there is no law regulating how they would use those capabilities. They have never admitted to having those capabilities,” Hunter said on Tuesday.

“So the public is in a situation where we know that these things happen. We know that in other places they have been abused. We know that there are traces of foreign-made software in our networks. But we actually have no clarity on who is doing it, what guidelines they are governed by and what is spent on it.”

Hunter said that — though governments may justify the secrecy around surveillance operations by saying that they are very sensitive and a matter of national security — civil society is calling for basic disclosures about what the government can and cannot do “and the legacy of spying abuses in South Africa against whistleblowers, journalists and activists as well as the general public”.

He added that South Africans cannot rely on private companies to protect their data and so must call on government to do so.

“They [private companies] have a history of putting profit over privacy. That is essentially why they exist and firms like NSO have shown that they will sell their software to the most abusive and roguish states in the world,” Hunter said.

“So you can never trust them to do the right thing. And that is why we have to demand that governments like ours actually show citizens that they will do whatever is necessary to protect us.”

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Sarah Smit
Sarah Smit
Sarah Smit is a general news reporter at the Mail & Guardian. She covers topics relating to labour, corruption and the law.

Related stories

Is WhatsApp shaping democracy in Africa?

A study shows that the social messaging platform is both emancipatory and destructive, particularly during election campaigns

Smokers’ fight to light up moves online

‘Sweeties’ (cigarettes) for R150, and marching on Parliament — an insight into the social-media groups popping up to push back against lockdown regulations

Inside Facebook’s big bet on Africa

New undersea cables will massively increase bandwidth to the continent

The writing was on the wall for SA newspapers long before Covid-19

Publications have cut salaries and frozen posts in a bid to survive the disease, but most owners failed to take appropriate steps when problems emerged in the late 1990s

Australia to force Google, Facebook to pay for news content

Australia's new regulations will also cover the sharing of data, and the ranking and display of news content, to be enforced by binding dispute resolution mechanisms and penalties

‘No-vax’ Djokovic against compulsory coronavirus vaccination

The Serbian tennis ace, who is in lockdown in Spain, spoke out against being forced to receive a vaccination in order to travel to tournaments

New education policy on gender violence released

Universities and other higher education institutions have to develop ways of preventing or dealing with rape and other damaging behaviour

Cambridge Food Jozini: Pandemic or not, the price-gouging continues

The Competition Commission has fined Cambridge Food Jozini for hiking the price of its maize meal during April

Sekhukhune’s five-year battle for water back in court

The residents of five villages are calling for the district municipal manager to be arrested

Vaccine trial results due in December

If successful, it will then have to be manufactured and distributed

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday