(29.04.2020)

According to WhatsApp’s filing, NSO gained “unauthorised access” to its servers by reverse-engineering the messaging app and then evading the company’s security features that prevent manipulation of the company’s call features. One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO.