Get more Mail & Guardian
Subscribe or Login

Firm tied to WhatsApp spying previously flagged in SA

The company allegedly at the centre of a spyware attack using a vulnerability in WhatsApp’s security features has previously been flagged as being linked to spyware infections in South Africa.

A 2018 report titled ‘Hide and Seek’ published by The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto in Canada, which helped to uncover the recent WhatsApp breach, identified 45 countries — including South Africa and other African nations — with suspected Pegasus spyware infections.

Pegasus — a tool that can turn on a phone’s microphone and camera, allowing an attacker to monitor a target’s calls, emails and contacts — was developed by Israeli technology firm NSO Group, thought to be responsible for the surveillance software installed on an unknown number of smartphones using a loophole in WhatsApp’s security features.

Suspected Pegasus infections were also identified in Algeria, Cote d’Ivoire, Egypt, Kenya, Libya, Morocco, Rwanda, Togo, Tunisia, Uganda and Zambia.

At the time of the report’s publication, NSO Group said in a statement to Citizen Lab: “Our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws.” It added that there are “multiple problems” with the Citizen Lab report, and that the list of 45 countries is inaccurate.

On Tuesday, theFinancial Times reported that WhatsApp had discovered a vulnerability that allowed spyware to be installed into a user’s phone through the messaging app’s phone call function.

WhatsApp, which is used by 1.5-billion people, is owned by Facebook, which has come under fire in recent years for its own porous privacy policies.

According to the Financial Times report WhatsApp discovered the security flaw earlier this month. The vulnerability reportedly enabled attackers to install surveillance software on smartphones by ringing up targets using the app’s phone call function.

The software was reportedly developed by the NSO Group which is facing legal action over Pegasus.

In August last year, The New York Times reported that the NSO group is at the centre of two lawsuits accusing the company of actively participating in illegal spying.

One lawsuit reportedly alleges that journalists and activists have been targeted by surveillance technology sold to the Mexican government by NSO.

The lawsuits also reportedly argue that an affiliate of the NSO Group attempted to spy on foreign government officials in the United Arab Emirates four years ago.

According to the New York Times article, the technology used by the NSO affiliate works by sending text messages to a target’s phone, hoping to bait the person into clicking on them. If the user does, Pegasus is secretly downloaded. It works on phones running Android, BlackBerry OS, and iOS operating software..

READ MORE: South African phones targeted by notorious ‘governments only’ spyware

NSO has reportedly previously rebuffed claims that it actively enabled governments to spy on their citizens, repeatedly asserting that it merely sells the technology to governments which agree to deploy it exclusively against criminals.

On Tuesday, WhatsApp reportedly encouraged users to update to the latest version of the app, which was published on Monday.

According to the Financial Times, WhatsApp said in a statement: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can and to work with them to notify civil society.”

When asked about the WhatsApp attacks by the Financial Times, NSO reportedly said it was investigating the issue: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

READ MORE: State agency lied to spy on reporter

South African surveillance researcher Murray Hunter reiterated the importance of updating applications as a measure to prevent spyware infections. But Hunter also emphasised the role of government in disclosing its hacking capabilities in getting to the bottom of the extent of spyware abuses.

Hunter told the Mail & Guardian that because of the secrecy around surveillance operations, South Africans “know very little” about the extent to which spyware is being used to unlawfully monitor their devices.

“In the South African context there is evidence that the government has hacking capabilities using spyware … But there is no law regulating how they would use those capabilities. They have never admitted to having those capabilities,” Hunter said on Tuesday.

“So the public is in a situation where we know that these things happen. We know that in other places they have been abused. We know that there are traces of foreign-made software in our networks. But we actually have no clarity on who is doing it, what guidelines they are governed by and what is spent on it.”

Hunter said that — though governments may justify the secrecy around surveillance operations by saying that they are very sensitive and a matter of national security — civil society is calling for basic disclosures about what the government can and cannot do “and the legacy of spying abuses in South Africa against whistleblowers, journalists and activists as well as the general public”.

He added that South Africans cannot rely on private companies to protect their data and so must call on government to do so.

“They [private companies] have a history of putting profit over privacy. That is essentially why they exist and firms like NSO have shown that they will sell their software to the most abusive and roguish states in the world,” Hunter said.

“So you can never trust them to do the right thing. And that is why we have to demand that governments like ours actually show citizens that they will do whatever is necessary to protect us.”

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Sarah Smit
Sarah Smit
Sarah Smit is a general news reporter at the Mail & Guardian. She covers topics relating to labour, corruption and the law.

Related stories


If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here


Subscribers only

Fears of violence persist a year after the murder of...

The court battle to stop coal mining in rural KwaZulu-Natal has heightened the sense of danger among environmental activists

Data shows EFF has lower negative sentiment online among voters...

The EFF has a stronger online presence than the ANC and Democratic Alliance

More top stories

Kenya’s beach boys fall into sex tourism, trafficking

In the face of their families’ poverty, young men, persuaded by the prospect of wealth or education, travel to Europe with their older female sponsors only to be trafficked for sex

High court reinstates Umgeni Water board

The high court has ruled that the dissolution of the water entity’s board by Minister Lindiwe Sisulu was unfair and unprocedural

Mkhize throws the book at the Special Investigating Unit

It’s a long shot at political redemption for the former health minister and, more pressingly, a bid to avert criminal charges

press releases

Loading latest Press Releases…