|
Getting your Trinity Audio player ready...
|
Dozens of WhatsApp users, including journalists and other members of civil society, were targeted by hacking activity from spyware maker Paragon Solutions, Meta Platforms-owned WhatsApp said.
The messaging platform said it had “high confidence” that some 90 users had been targeted and may have been compromised.
WhatsApp said it had not been able to identify the Paragon clients that launched the attacks.
Paragon says it sells only to government customers.
Zero-click vulnerability
Spyware companies such as Paragon say their software is for use in fighting crime and protecting national security, but such tools have been repeatedly found to have compromised the devices of journalists, activists, opposition politicians and at least 50 US officials, raising questions around their proliferation.
WhatsApp said it had sent a cease-and-desist letter to Israel-based Paragon over the attacks and was exploring its legal options.
It said it had disrupted the attacks in December and it was unclear how long the users had been targeted.
The firm declined to specify who was targeted or their locations, but said the people were based in more than two dozen countries, including several people in Europe.
WhatsApp said it was contacting the people affected.
“This is the latest example of why spyware companies must be held accountable for their unlawful actions,” the company said.
“WhatsApp will continue to protect people’s ability to communicate privately.”
The firm said it believed people were targeted via a malicious PDF sent to individuals who joined group chats.
The PDF contained an exploit that could take over the user’s device without requiring user interaction, said an official at the firm.
Paragon’s Graphite software gives the attacker full access to a device, allowing them to read messages sent or received by encrypted apps such as WhatsApp or Signal in an unencrypted state.
‘Mercenary spyware’
John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, said the lab provided WhatsApp with information that helped to identify the attack vector.
Citizen Lab is expected to publish a report on the attacks.
The incident is “a reminder that mercenary spyware continues to proliferate”, Scott-Railton said.
Paragon was reportedly sold to Florida-based investment group AE Industrial Partners last month for $900 million (£726m), but the deal has reportedly not yet received regulatory approval in Israel.
“For some time Paragon has had the reputation of a ‘better’ spyware company not implicated in obvious abuses, but WhatsApp’s recent revelations suggest otherwise,” said Access Now senior tech legal counsel Natalia Krapiva.
“This is not just a question of some bad apples – these types of abuses are a feature of the commercial spyware industry.”
Legal questions
Paragon declined to comment, but a person connected with the company told the Guardian that it has 35 government customers including Greece, Poland, Hungary, Mexico and India.
The firm has said in the past that it only does business with stable, democratic countries.
In 2021 Israeli spyware group NSO Group was placed on the US Commerce Department Entity List blacklist for activities “contrary to the national security or foreign policy interests of the United States”.
The company has lobbied for removal from the list.
A US court last month found NSO liable for hacking into WhatsApp’s systems to plant spyware on some 1,400 devices.
