According to Cathcart, Facebook-owned WhatsApp linked servers and services used in the attack with NSO Group, and also uncovered evidence tying WhatsApp accounts used in the attack to the spyware vendor.
NSO's phone hacking software has already been implicated in a series of human rights abuses across Latin America and the Middle East, including a sprawling espionage scandal in Panama and an attempt to spy on an employee of the London-based rights group Amnesty International.
NSO Group, owned by the parent company Q Cyber Technologies, is an Israeli firm that's become a world leader in building malware that targets mobile phones and devices. The company is seeking a permanent injunction to ban the NSO Group from using WhatsApp again. "The person did not even have to answer the call".
"A fundamental problem with these companies - and NSO isn't the only one - is that the private surveillance industry acts in practical darkness", Kaye said Tuesday night, after the lawsuit was filed.
Lawyer Scott Watnik called WhatsApp's move "entirely unprecedented", explaining that major service providers tended to shy away from litigation for fear of "opening up the hood" and revealing too much about their digital security.
"As we collected the information that we lay out in our complaint, we learned that the attackers utilised servers and Web-hosting products and services that were being beforehand affiliated with NSO". The biz maintains that it sells the software - which silently infects and monitors targets' phones and devices - only to governments and intelligence agencies to fight terrorism.
WhatsApp accuses NSO Group of exploiting a vulnerability to target approximately 1,400 phones and devices with "malware created to infect with the goal of conducting surveillance on specific WhatsApp users".
The company said using its technology for any purposes other than preventing crime and terrorism is a misuse and contractually prohibited.
'NSO Group claims it sells its spyware strictly to government clients only, and all of its exports are undertaken in accordance with Israeli government export laws and oversight mechanisms.
The attack worked by exploiting an audio-calling vulnerability in WhatsApp.
Fb claimed that centered on state codes of the focused WhatsApp quantities, the targeted users ended up located in the Kingdom of Bahrain, the United Arab Emirates, and Mexico. "We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system".
Facebook's lawsuit says that while the spyware isn't capable of breaking WhatsApp's encryption, it can access the messages after they've been decrypted on the receiver's device.
"Governments and companies need to do more to protect vulnerable groups and individuals from these attacks", WhatsApp's Will Cathcart added in his op-ed post. NSO's technologies supply proportionate, lawful remedies to this situation. Last year, Jamal Khashoggi, a journalist, was tortured and murdered by Saudi Arabia inside the country's consulate in Istanbul. "Whilst their attack was highly subtle, their makes an attempt to include their tracks were not exclusively profitable", Cathcart said. "Now, we are seeking to hold NSO accountable under USA state and federal laws, including the US Computer Fraud and Abuse Act", Cathcart writes.