- A major security flaw in WhatsApp, a Facebook-owned messaging app used around the world, affects all 1.5 billion-plus users the Financial Times reported on Tuesday morning.
- The hack is reportedly as simple as receiving a WhatsApp phone call — even if you don’t pick up the call. A record of the call can even be remotely erased, the report says.
- The WhatsApp exploit enables the sophisticated spyware "Pegasus" to be installed, a notoriously invasive software tool created by the NSO Group, a secretive firm from Israel that reportedly bills itself as a leader in cyber warfare.
- The NSO Group denied its involvement in the WhatsApp exploit, though that doesn’t preclude the possibility that someone else used its products to exploit the WhatsApp security hole.
- Visit Business Insider’s homepage for more stories.
A security flaw in the massively popular WhatsApp messaging platform exposes its 1.5 billion-plus users to one of the world’s most malicious spyware programs, "Pegasus."
The spy software enables remote access to your phone’s most private information — from text messages to call logs to location data.
Pegasus first surfaced in 2016 when it was reportedly used to spy on a human rights activist in the United Arab Emirates. In the years since, it’s been linked to the death of Washington Post reporter Jamal Khashoggi, as well as the Mexican government’s capture of alleged drug trafficker Joaquín "El Chapo" Guzmán.
The company that makes Pegasus, the NSO Group, is notoriously secretive.
The Israeli firm sells sophisticated hacking tools to governments, militaries, and intelligence agencies — and it tries to keep such a low profile it even changes its name on a regular basis.
Here’s everything we know about the secretive firm behind one of the world’s most effective spyware applications:
NSO Group was founded in late 2009 by serial entrepreneurs with ties to the Israeli government.
Headquartered in Herzelia, Israel, NSO Group was founded in Dec. 2009 by Omri Lavie and Shalev Hulio, according to both cofounders’ LinkedIn profiles, which show they are both serial entrepreneurs who had previously started a number of other companies in Israel. A third founder, Niv Carmi, left the company shortly after its inception and left Lavie and Hulio as majority shareholders.
The San Francisco-based private equity firm Francisco Partners acquired a majority stake in NSO for $120 million in 2014, though its operations remain in Israel.
Hulio says on his LinkedIn profile he was a company commander with the Israel Defense Forces, while Lavie says he was an employee of the Israeli government.
At least three of its current employees claim to have worked in Unit 8200, Israel’s version of the US National Security Agency.
It’s hard to figure out what the company actually does — but its website offers some clues.
The company describes what it does on its website as such:
"We develop technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime. We provide the tools that support official authorities to lawfully address the most dangerous issues in today’s world. Governments use our products to prevent terrorism, break up criminal operations, find missing persons, and assist search and rescue teams."
NSO currently employs more than 230 people, according to its numbers on LinkedIn. That’s more than double the head count it had two years ago.
The company’s specialty is "the field of cyber warfare."
Hyungwon Kang / Reuters
A brochure from the company, uploaded online by Privacy International, gives more insight into what it really does: Offer mobile hacking solutions for a variety of phones exclusively for the use of governments, law enforcement, and intelligence agencies.
NSO Group says it is "a leader in the field of cyber warfare" that utilizes its proprietary monitoring tool called "Pegasus," which can monitor and extract all data from a target "via untraceable commands" which allow "remote and stealth."
- WhatsApp users are being urged to update the app immediately after it was hacked — here’s how to get protected
- WhatsApp was hacked and attackers installed spyware on people’s phones
- 9 simple ways to protect your data that don’t take much time, but could have huge security benefits