WhatsApp has reportedly sued an Israeli spyware vendor NSO Group, saying the company was actively involved in hacking users of the encrypted chat service.
The lawsuit has been filed in San Francisco is the first legal action of its kind, according to the company, involving a nearly totally unregulated realm.
The company said NSO Group violated laws including the U.S. Computer Fraud and Abuse Act with a crafty exploit that took advantage of a flaw in the popular communications program allowing a smartphone to be penetrated through missed calls alone.
According to Cathcart, Facebook-owned WhatsApp linked servers and services used in the attack with NSO Group, and also uncovered evidence tying WhatsApp accounts used in the attack to the spyware vendor.
While their attack was highly sophisticated, Cathcart writes, their attempts to cover their tracks were not entirely successful. About 1,400 devices were infected by the malicious code, according to WhatsApp.
NSO Group issued a statement in which it did not directly deny hacking WhatsApp but which said it disputed the allegations and vowed to vigorously fight them.
It wrote: “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.”
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO Group said in a statement. The company went on to say it takes action when one of its products is used for purposes other than fighting crime or terrorism.
WhatsApp is asking a court to stop NSO Group from taking similar action in the future and to award damages.
“WhatsApp will continue to do everything we can within our code, and within the courts of law, to help protect the privacy and security of our users everywhere,” Cathcart writes.