WhatsApp has filed a lawsuit against cyber intelligence organisation NSO Group, claiming that it created an exploit which made it possible for malicious parties to install spyware on users’ smartphones.
The exploit used a vulnerability in WhatsApp’s voice calling feature which made users think they were getting a call when in fact malware was being installed on their smartphone.
This malware gave malicious parties complete access to the victim’s device.
In the lawsuit, WhatsApp claims that the NSO Group “developed their malware in order to access messages and other communications after they were decrypted”.
WhatsApp has since patched the exploit.
WhatsApp vice president Will Cathcart wrote an article in the Washington Post explaining how WhatsApp came to learn that NSO Group was the organisation responsible for the exploit.
“As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO,” said Cathcart.
“In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO. While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful.”
NSO Group has denied that it was involved in the attack.