Because of a security breach, hackers have installed malware on phones using Apple or Android (Google) simply by calling Whatsapp users.
They accessed the content of infected smartphones (contacts, messages, photos …) and managed to install software to listen to or view the owners' environment without them being aware of it. To cover their tracks, the pirates managed to erase the history of the calls.
This form of hacking is "particularly frightening," according to John Dickson, a computer security researcher at Denim Group.
"Usually a user has to click on something or go to a site," he says. In this case, "once (the hacker) has entered, he controls the device and can do everything."
The attack was discovered early May by WhatsApp, who found a cure for less than ten days.
Cybersecurity experts believe that hackers whose identity or mobility remain unknown have used the powerful Pegasus spy software developed by the Israeli NSO Group.
If attackers have used the WhatsApp flaw, all applications can be a "spyware" vehicle, according to these experts.
"We are not yet able to create seamless or flawless software," said Joseph Hall, an expert at the American Center for Democracy and Technology (CDT).
Marc Lueck, of the security firm Zscaler, says the intrusion "is not related to encryption but to another component of the application."
By 2018, the Toronto University Citizenship Research Center identified Pegasus in 45 countries, 36 of which will be used by government agencies.
NSO claims that its technology is being sold "to governments only for the purpose of combating crime and terrorism." According to the Civic Laboratory, however, it is used in countries with "dubious" human rights records, and Saudi Arabia may have used Pegas to find journalist and critic of the regime, Jamal Hashohi, who was killed in Istanbul in October 2018.
The research center said it "revealed at least 25 cases of illegal targeting of defense groups, lawyers, scientists and researchers, investigators in cases of mass extinctions and media members."
Marc Lueck (Zscaler) points out that programs such as Pegasus are very expensive and can hardly be used to make money.
"The average person is not the purpose of this software designed to sell to governments and to target individuals rather than scale," he says.
But the flaw indicates that mobile phone applications have become a vulnerable and risky platform like a computer, "he says.
The Importance of Encryption
The encryption system provides security between two interlocutors by checking their identity, according to Mark Luk.
"This is important for privacy, but also for trust," he says.
Encryption allows WhatsApp and other messengers to protect the privacy of calls between the caller and the caller, but they can not do anything if they get into the caller's handset, notes Matt Blaze, Georgetown University expert.
The attack came when governments around the world worried they would be "in the dark" of encrypted conversations in cases of terrorism or pedophilia.
Australia forces giants of technology to allow access to their devices or services.
For Joseph Hall (CDT), Pegasus shows that governments have tools in this type of business to use loopholes and target specific targets without weakening encryption and violating privacy. billions of Whatsapp users.