Vulnerability in the popular messaging application WhatsApp has been exploited by the Israeli firm NSO Group to install its spyware that was used to target more than 100 human right activists.
On Tuesday, WhatsApp said NSO spyware was used to exploit vulnerability in the app to target approximately 1,400 people between April 2019 and May 2019. One hundred of those targeted were human rights defenders from different countries around the world. The vulnerability, first published in May, allowed attackers to install spyware by calling the target using the app.
Danna Ingleton, Deputy Director of Amnesty Tech, said:“These latest revelations underscore that NSO Group continues to profit from its spyware products being used to intimidate, track, and punish scores of human rights defenders across the globe, including the Kingdom of Bahrain, the United Arab Emirates and Mexico. WhatsApp deserves credit for their tough stance against these malicious attacks, including their efforts to hold NSO to account in the courts.
“NSO says its spyware is solely intended to ‘prevent crime and terrorism’, but instead the firm’s invasive surveillance tools are being used to commit human rights abuses.” Ingleton continued.
“The safest way to stop NSO’s spyware products reaching governments who plan to misuse them is to revoke the company’s export license. This is why next week, Amnesty International is supporting a legal case in Tel Aviv District Court to force the Israeli Ministry of Defence to do exactly that.”
Next Thursday, 7 November, the Tel Aviv’s District Court is due to hear a legal case arguing that Israel’s Ministry of Defence (MoD) should revoke NSO Groups export licence. The company’s Pegasus software has been used to target journalists and activists across the globe – including in Morocco, Saudi Arabia, Mexico and the United Arab Emirates. An Amnesty International staff member was also targeted using NSO malware.
The legal action is being brought by approximately 30 members and supporters of Amnesty International Israel and others from the human rights community. The action is supported by Amnesty International as part of a joint project with New York University (NYU) School of Law’s Bernstein Institute for Human Rights and Global Justice Clinic, which seeks justice for human rights defenders targeted with malicious software.
Earlier this month, Amnesty International uncovered targeted digital attacks using Pegasus against two prominent Moroccan human rights defenders – academic and activist MaatiMonjib, and human rights lawyer Abdessadak El Bouchattaoui. (Source: Amnesty International)