Firm tied to WhatsApp spying previously flagged in SA

The company allegedly at the centre of a spyware attack using a vulnerability in WhatsApp’s security features has previously been flagged as being linked to spyware infections in South Africa.

A 2018 report titled ‘Hide and Seek’ published by The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto in Canada, which helped to uncover the recent WhatsApp breach, identified 45 countries — including South Africa and other African nations — with suspected Pegasus spyware infections.

Pegasus — a tool that can turn on a phone’s microphone and camera, allowing an attacker to monitor a target’s calls, emails and contacts — was developed by Israeli technology firm NSO Group, thought to be responsible for the surveillance software installed on an unknown number of smartphones using a loophole in WhatsApp’s security features.

Suspected Pegasus infections were also identified in Algeria, Cote d’Ivoire, Egypt, Kenya, Libya, Morocco, Rwanda, Togo, Tunisia, Uganda and Zambia.

At the time of the report’s publication, NSO Group said in a statement to Citizen Lab: “Our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws.” It added that there are “multiple problems” with the Citizen Lab report, and that the list of 45 countries is inaccurate.

On Tuesday, theFinancial Times reported that WhatsApp had discovered a vulnerability that allowed spyware to be installed into a user’s phone through the messaging app’s phone call function.

WhatsApp, which is used by 1.5-billion people, is owned by Facebook, which has come under fire in recent years for its own porous privacy policies.

According to the Financial Times report WhatsApp discovered the security flaw earlier this month. The vulnerability reportedly enabled attackers to install surveillance software on smartphones by ringing up targets using the app’s phone call function.

The software was reportedly developed by the NSO Group which is facing legal action over Pegasus.

In August last year, The New York Times reported that the NSO group is at the centre of two lawsuits accusing the company of actively participating in illegal spying.

One lawsuit reportedly alleges that journalists and activists have been targeted by surveillance technology sold to the Mexican government by NSO.

The lawsuits also reportedly argue that an affiliate of the NSO Group attempted to spy on foreign government officials in the United Arab Emirates four years ago.

According to the New York Times article, the technology used by the NSO affiliate works by sending text messages to a target’s phone, hoping to bait the person into clicking on them. If the user does, Pegasus is secretly downloaded. It works on phones running Android, BlackBerry OS, and iOS operating software..

READ MORE: South African phones targeted by notorious ‘governments only’ spyware

NSO has reportedly previously rebuffed claims that it actively enabled governments to spy on their citizens, repeatedly asserting that it merely sells the technology to governments which agree to deploy it exclusively against criminals.

On Tuesday, WhatsApp reportedly encouraged users to update to the latest version of the app, which was published on Monday.

According to the Financial Times, WhatsApp said in a statement: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can and to work with them to notify civil society.”

When asked about the WhatsApp attacks by the Financial Times, NSO reportedly said it was investigating the issue: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

READ MORE: State agency lied to spy on reporter

South African surveillance researcher Murray Hunter reiterated the importance of updating applications as a measure to prevent spyware infections. But Hunter also emphasised the role of government in disclosing its hacking capabilities in getting to the bottom of the extent of spyware abuses.

Hunter told the Mail & Guardian that because of the secrecy around surveillance operations, South Africans “know very little” about the extent to which spyware is being used to unlawfully monitor their devices.

“In the South African context there is evidence that the government has hacking capabilities using spyware … But there is no law regulating how they would use those capabilities. They have never admitted to having those capabilities,” Hunter said on Tuesday.

“So the public is in a situation where we know that these things happen. We know that in other places they have been abused. We know that there are traces of foreign-made software in our networks. But we actually have no clarity on who is doing it, what guidelines they are governed by and what is spent on it.”

Hunter said that — though governments may justify the secrecy around surveillance operations by saying that they are very sensitive and a matter of national security — civil society is calling for basic disclosures about what the government can and cannot do “and the legacy of spying abuses in South Africa against whistleblowers, journalists and activists as well as the general public”.

He added that South Africans cannot rely on private companies to protect their data and so must call on government to do so.

“They [private companies] have a history of putting profit over privacy. That is essentially why they exist and firms like NSO have shown that they will sell their software to the most abusive and roguish states in the world,” Hunter said.

“So you can never trust them to do the right thing. And that is why we have to demand that governments like ours actually show citizens that they will do whatever is necessary to protect us.”

Sarah Smit
Sarah Smit
Sarah Smit is a general news reporter at the Mail & Guardian. She covers topics relating to labour, corruption and the law.

Senior SANDF colonel involved in an alleged business scam

A senior soldier who is part of South Africa’s peacekeeping missions is accused by her colleagues of swindling them out of of hundreds of thousands of rands in a nonexistent business deal

AU pushes the frontiers of transitional justice

Now these important policy developments must be implemented

Mass store and job cuts at Massmart

Changed market conditions and an appalling economy has hit low end cash-and-carry outlets

Courts to guide land expropriation

Two bits of law need to be approved before a court can decide if land owners will be compensated

Press Releases

New-style star accretion bursts dazzle astronomers

Associate Professor James O Chibueze and Dr SP van den Heever are part of an international team of astronomers studying the G358-MM1 high-mass protostar.

2020 risk outlook: Use GRC to build resilience

GRC activities can be used profitably to develop an integrated risk picture and response, says ContinuitySA.

MTN voted best mobile network

An independent report found MTN to be the best mobile network in SA in the fourth quarter of 2019.

Is your tertiary institution is accredited?

Rosebank College is an educational brand of The Independent Institute of Education, which is registered with the Department of Higher Education and Training.

Is your tertiary institution accredited?

Rosebank College is an educational brand of The Independent Institute of Education, which is registered with the Department of Higher Education and Training.

VUT chancellor, Dr Xolani Mkhwanazi, dies

The university conferred the degree of Doctor of Science Honoris Causa on Dr Xolani Mkhwanazi for his outstanding leadership contributions to maths and science education development.

Innovate4AMR now in second year

SA's Team pill-Alert aims to tackle antimicrobial resistance by implementing their strategic intervention that ensures patients comply with treatment.

Medical students present solution in Geneva

Kapil Narain and Mohamed Hoosen Suleman were selected to present their strategic intervention to tackle antimicrobial resistance to an international panel of experts.