Facebook Sues Cybersecurity Company Claiming It Hacked WhatsApp

Social media giant Facebook is suing the Israeli cybersecurity company NSO Group over claims that it hacked WhatsApp earlier this year.

On Tuesday, Facebook filed a complaint alleging that NSO Group used WhatsApp servers to spread malware to 1,400 mobile phones in an attempt to target journalists, diplomats, human rights activists, senior government officials, and other parties. The lawsuit claims the malware was unable to break through the Facebook-owned app’s encryption, and in turn, infected customers’ phones giving NSO access to messages after they were decrypted on the receiver’s device, CNBC reports.

Earlier this year, WhatsApp confirmed the vulnerability but did not release the attacker’s name. According to CNBC, NSO used the software “Pegasus” to access messages sent via WhatsApp as well as messages on Apple’s iMessage, Microsoft’s Skype, Telegram, WeChat, and Facebook Messenger. Facebook alleges NSO Group workers created Whatsapp accounts to send “malware components” to devices of those targeted, including by initiating calls to “secretly inject malicious code.” That’s when NSO was able to control the targeted individuals’ smartphones, according to the suit, using computers they controlled.

WhatsApp said in a blog post-Tuesday that it had contacted all 1,400 users it suspected were “impacted by this attack to directly inform them about what had happened.” “We agree with UN Special Rapporteur for Freedom of Expression David Kaye’s call for a moratorium on these attacks,” the post said. WhatsApp head Will Cathcart wrote a Washington Post opinion piece, also posted Tuesday, saying,  “Mobile phones provide us with great utility, but turned against us they can reveal our locations and our private messages, and record sensitive conversations we have with others.”

Facebook also names Q Cyber, a company affiliated with NSO, as a second defendant in the case, according to news outlets.