Facebook filed a lawsuit against mobile surveillance firm NSO Group on Tuesday over the alleged attack on its WhatsApp messaging platform earlier this year.
In a complaint filed on Tuesday, the social media giant accused NSO to have injected malware on to the phones of about 1,400 WhatsApp users. The security attack was said to be part of a broader government campaign that targets journalists, diplomats, human rights activists, government officials, and other parties.
In a blog post published on its site, WhatsApp claimed that NSO exploited its video calling system in order to deliver spyware on to the mobile devices of the targeted users. This, in turn, enabled hackers to access the text messages, emails, chats, contact details, calls records, location, microphone, and camera of the users’ devices.
WhatsApp said it worked closely with cybersecurity research group Citizen Lab to review the hacking incident and study the use of NSO’s spyware product called Pegasus, which enabled clients to remotely “intercept and extract information and communications from mobile phones and devices.”
“WhatsApp cares deeply about the privacy and security of our users,” the messaging platform wrote in a post. “Some of your most personal moments are shared on WhatsApp, which is why we provide end-to-end encryption for all messages and calls by default. This attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power our mobile phones.”
Meanwhile, NSO Group disputed the claims and stated it would “vigorously fight” the social networking giant in court.
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO wrote in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime.”
In May this year, news about the phone hacks broke out after WhatsApp revealed it had discovered a vulnerability that allows attackers to inject spyware on to the phones of targeted users.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” the company said in May. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.”