Israeli malware attack against top Pakistani officials, Government takes important steps

Israeli malware attack against top Pakistani officials, Government takes important steps

ISLAMABAD – To avoid further malware attacks on the Pakistani officials being targeted with a hacking software involving an Israeli spyware company NSO Group last year, the government officials now have been strictly ordered to replace their smartphones in case they were bought before May 10th, 2019, upgrade their WhatsApp to the latest version which fixes the buffer overflow issue and not share classified or official information over the platform.

The debate about WhatsApp’s security being compromised began in May last year. WhatsApp had a buffer overflow “loophole” that allowed the NSO Group to plant spyware in more than 1,400 devices, out of which some were from Pakistan.

In October, WhatsApp filed a lawsuit against the NSO Group for building and selling a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users, including those of Pakistan, between April 29 and May 10 last year.

The malware would allow NSO’s clients – said to be governments and intelligence organisations – to secretly spy on a phone’s owner.

In a report published on Dec. 19, the Guardian claimed that the mobile phones of at least two dozen Pakistani government officials were allegedly targeted earlier last year with technology owned by the Israeli spyware company NSO Group.

According to the report, scores of Pakistani senior defence and intelligence officials were among those who could have been compromised.

Later, the Pakistan Telecommunication Authority (PTA) sought details from WhatsApp administration, stating that users’ information has been hacked through malware.

In a statement issued on Twitter, the PTA had said it had "taken up the matter with WhatsApp management".

With reference to media reports regarding @WhatsApp users being targeted worldwide including users from Pakistan with a hacking software, PTA has taken up the matter with WhatsApp.

It had added that it intended to "get the details of users that were targeted in Pakistan but also to have an update on the remedial measures taken by WhatsApp to prevent" similar incident in the future.