iPhone cracked in WhatsApp surveillance attack
News is emerging today that a weakness in WhatsApp has allowed spy software on to phones, possibly for years. The implications for our privacy are huge. Civil rights groups are outraged.
As the world’s biggest gathering of tech leaders, inventors, writers and shoppers converged on Las Vegas for the Consumer Electronics Show at the start of the year, many noticed an unusual billboard.
Apple, the world’s biggest tech company, usually avoids the fray. But, this year, it bought a huge site on the side of the Marriott Hotel overlooking the conference, for a giant poster. “What happens on your iPhone, stays on your iPhone,” read the words — a parody of the famous gambling city’s marketing catchphrase: “What happens in Vegas, stays in Vegas.”
It was the launch of Apple’s new global advertising campaign: “Privacy. That’s iPhone”, highlighting the importance of privacy to Apple products.
Apple has repeatedly and publicly fought to keep user data away from prying eyes. Apple CEO Tim Cook says privacy is a “fundamental human right”, a statement the company has repeated many times.
It now turns out that, unbeknown to crowds milling around below, a secretive Israeli company, NSO Group, thousands of miles away, was at the very same time holding a meeting that reduced Apple’s claim to ashes.
According to one person at the meeting, the executives from NSO Group made a bold claim: using just one simple missed call on WhatsApp, it had figured out a way to “drop its payload”, enabling a piece of software called Pegasus to penetrate the darkest secrets of any iPhone.
Within minutes of the missed call, the phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details, such as private messages or location, and even turns on the camera and microphone to live-stream meetings.
The software itself is not new — it was the latest upgrade to a decade-old technology so powerful that the Israeli defence ministry regulates its sale. But the WhatsApp hack was an enticing new “attack vector”, the person says. “Great from a sales point.”
NSO’s few hundred engineers claim they have managed to manoeuvre around whatever obstacle Apple has thrown in its way. Android phones are easier to infect.
The NSO Group says Pegasus has been used by dozens of countries to prevent terrorist attacks, infiltrate drug cartels and help rescue kidnapped children.
But two lawsuits against the company, which have been filed in Israel and Cyprus and build on investigations by human rights groups, claim they tracked the software to the phones of journalists; dissidents and critics of governments from Mexico to Saudi Arabia, including a researcher at Amnesty International; the wife of a murdered Mexican journalist, and anti-corruption activists.
Big Brother calling?
This story touches on the deepest fears of modern humanity — fears explored with astonishing prescience by George Orwell in 1984 and Aldous Huxley in Brave New World, books published in 1949 and 1932 respectively. In Orwell’s imaginary world, every citizen is under constant surveillance by the authorities and reminded of this by the slogan: “Big Brother is watching you”, on display everywhere.
What if this is happening today? Orwell and Huxley knew the consequences were grave. If we can all be tracked on our phones (“our surrogate brains”), what does this do to our souls? Without privacy, surely freedom dies? And without freedom, is life just a pale shadow of what it ought to be?
- Do you mind if the Government has access to all your phone data?
- Will our right to privacy become a thing of the past?
- Imagine that a bored secret agent in a faraway office is writing a report on you, using all your phone records. Compose a one-page summary. What would they say?
- Debate the motion: “Nobody cares about privacy unless they are doing something wrong.”
Some People Say...
“If you want to keep a secret, you must also hide it from yourself.”George Orwell, 1984
What do you think?
Q & A
- What do we know?
- Hackers were able to remotely install surveillance software on to phones and other devices using a major vulnerability in WhatsApp. The company says the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber actor”. A fix was rolled out on Friday. The attack was developed by Israeli security firm NSO Group, according to a report in The Financial Times. On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution. The attack was first discovered earlier this month.
- What do we not know?
- How rigorous NSO Group has been in selling its software “solely to intelligence and law enforcement agencies”. For how long NSO Group has been able to hack into iPhones. If NSO Group is the only company with this ability, or whether there are others. And whether governments that bought the software have used it legally.
- A situation where people compete or battle with one another.
- To copy the style of something or someone for comic effect.
- The process of helping protect personal data by using a secret code to scramble it, so it cannot be read by anyone who doesn’t have the key.
- Amnesty International
- Claims to be the world’s leading human rights’ organisation, campaigning against injustice and inequality everywhere.
- Knowing something before it has happened.