

Earlier today, Iranian officials urged the country’s citizens to remove the messaging platform WhatsApp from their smartphones. Without providing any supporting evidence, they alleged the app gathers user information to send to Israel.
WhatsApp has rejected the allegations. In a statement to the Associated Press, the Meta-owned messaging platform said it was concerned “these false reports will be an excuse for our services to be blocked at a time when people need them most”. It added that it does not track users’ location or the personal messages people are sending one another.
It is impossible to independently assess the allegations, given Iran provided no publicly accessible supporting evidence.
But we do know that even though WhatsApp has strong privacy and security features, it isn’t impenetrable. And there is at least one country that has previously been able to penetrate it: Israel.
3 billion users
WhatsApp is a free messaging app owned by Meta. It has around 3 billion users worldwide and is growing fast. It lets people send text messages, make calls and share media over the internet.
It uses strong end-to-end encryption, meaning only the sender and recipient can read messages; not even WhatsApp can access their content. This ensures strong privacy and security.
Advanced cyber capability
The United States is the world leader in cyber capability. This term describes the skills, technologies and resources that enable nations to defend, attack, or exploit digital systems and networks as a powerful instrument of national power.
But Israel also has advanced cyber capability, ranking alongside the United Kingdom, China, Russia, France and Canada.
Israel has a documented history of conducting sophisticated cyber operations. This includes the widely cited Stuxnet attack that targeted Iran’s nuclear program more than 15 years ago. Israeli cyber units, such as Unit 8200, are renowned for their technical expertise and innovation in both offensive and defensive operations.
Seven of the top 10 global cybersecurity firms maintain R&D centers in Israel, and Israeli startups frequently lead in developing novel offensive and defensive cyber tools.
A historical precedent
Israeli firms have repeatedly been linked to hacking WhatsApp accounts, most notably through the Pegasus spyware developed by Israeli-based cyber intelligence company NSO Group. In 2019, it exploited WhatsApp vulnerabilities to compromise 1,400 users, including journalists, activists and politicians.
Last month, a US federal court ordered the NSO Group to pay WhatsApp and Meta nearly US$170 million in damages for the hack.
Another Israeli company, Paragon Solutions, also recently targeted nearly 100 WhatsApp accounts. The company used advanced spyware to access private communications after they had been decrypted.
These kinds of attacks often use “spearphishing”. This is distinct from regular phishing attacks, which generally involve an attacker sending malicious links to thousands of people.
Instead, spearphishing involves sending targeted, deceptive messages or files to trick specific individuals into installing spyware. This grants attackers full access to their devices – including decrypted WhatsApp messages.
A spearphishing email might appear to come from a trusted colleague or organisation. It might ask the recipient to urgently review a document or reset a password, leading them to a fake login page or triggering a malware download.
Protecting yourself from ‘spearphishing’
To avoid spearphishing, people should scrutinise unexpected emails or messages, especially those conveying a sense of urgency, and never click suspicious links or download unknown attachments.
Hovering the mouse cursor over a link will reveal the name of the destination. Suspicious links are those with strange domain names and garbled text that has nothing to do with the purported sender. Simply hovering without clicking is not dangerous.
Enable two-factor authentication, keep your software updated, and verify requests through trusted channels. Regular cybersecurity training also helps users spot and resist these targeted attacks.