WhatsApp says there is new Israeli spyware that can target phones, break into private data

WhatsApp has accused Israeli spyware firm Paragon Solutions of targeting 90 journalists and activists. The alleged zero-click attack exploited vulnerabilities, raising concerns over spyware misuse and accountability.

by · India Today

In Short

  • WhatsApp claims 90 journalists and activists were targeted by Paragon’s spyware
  • The attacks were zero-click, requiring no interaction from victims to infect devices
  • Paragon’s software, Graphite, grants full access to infected phones, including encrypted messages

WhatsApp has accused Israeli spyware company Paragon Solutions of targeting nearly 100 journalists and civil society members in a recent hacking campaign, as per a report by The Guardian. WhatsApp says the attacks were carried out using sophisticated spyware known as Graphite, which is capable of infiltrating devices without requiring any interaction from the victim — a technique known as a zero-click attack.

WhatsApp claims it had high confidence that around 90 users, including journalists and activists, were targeted and potentially compromised. While the messaging platform did not disclose the locations of the affected individuals, it confirmed that it had notified them of the possible breach. WhatsApp also stated that it had sent a cease and desist letter to Paragon and was exploring legal options to hold the company accountable.

Paragon Solutions, which has an office in Virginia, USA, is known for its Graphite spyware, a tool comparable to the infamous Pegasus software developed by NSO Group. Once installed on a device, Graphite grants the operator complete access, including the ability to read messages sent through encrypted apps like WhatsApp and Signal.

The identity of the attackers remains unclear. Like other spyware firms, Paragon sells its software to government clients, but WhatsApp said it could not determine who ordered the alleged attacks. A person close to Paragon claimed the company has 35 government customers, all of which are democratic nations. The cited source also stated that Paragon avoids doing business with countries previously accused of spyware abuse, such as Greece, Poland, Hungary, Mexico, and India.

This incident comes amid growing scrutiny of the commercial spyware industry. Natalia Krapiva, a senior tech legal counsel at Access Now, noted that while Paragon has been seen as a better spyware company with fewer abuse allegations, WhatsApp’s revelations suggest otherwise. "This is not just a question of some bad apples — these types of abuses are a feature of the commercial spyware industry,” she said.

WhatsApp’s announcement follows a recent legal victory against NSO Group, another Israeli spyware maker. In December, a California judge ruled that NSO was liable for hacking 1,400 WhatsApp users in 2019, violating US hacking laws and the platform’s terms of service. NSO was added to a US commerce department blacklist in 2021 for activities deemed contrary to US national security interests.

WhatsApp has not revealed how long the targets may have been under threat but confirmed that the alleged attacks were disrupted in December. The company is now working to support affected users and strengthen its defences against future breaches.

Snapdragon 8 Elite for just Rs 55,000: Is iQOO 13 too good to be true?The iQOO 13 seems almost too good to be true, a flagship device at a price that undercuts its competitors by tens of thousands. But is it truly a disruptive force in the market, or is there more to the story?Aman Rashid, 03 Jan 2025OnePlus 13 effectively available for Rs 64,999: Who should buy it?With the OnePlus 13, the brand aims to uphold its legacy of delivering a smooth user experience and polished software along with raw performance. But who should actually buy it?Aman Rashid, 17 Jan 2025