Line, a popular Japanese messaging app with over 84 million monthly users, was breached, resulting in the compromise of over 100 accounts belonging to Taiwanese political figures.
The hackers disabled Line’s end-to-end encryption feature, called ‘Letter Sealing’, so that victims’ messages could be read.
The identity of the hackers is unknown at this stage. A nation-state group is likely responsible given the prestigious standing of the victims.
It’s speculated that the cybercriminals used the spyware solution Pegasus in the attack.
Pegasus was created by NSO Group, an Israeli security company that supplies government entities with technology that stops terrorist attacks.
The controversial spyware is under fire after a recent investigation by The Washington Post and 16 media partners revealed that Pegasus wasn’t being used to maintain a peaceful climate, but rather for the opposite.
For more than half a decade, Pegasus was used by NSO clients to monitor journalists, silence critics, and threaten opponents.
France’s President Emmanuel Macron was among the 14 heads of state who had their phones infected by the software.
Potential victims have no way of knowing when they’re being targeted. A phone can become infected just by receiving a text message, without the recipient interacting with any link.
Amnesty International has developed a tool called MVT (Mobile Verification Toolkit) that can detect whether your phone is infected with Pegasus.
This tool is available on GitHub. If you require setup assistance, these instructions will help.
Unfortunately, the MVT solution isn't scalable. The scanning software needs to be compiled for each assessed device, and this can only be done on either Linux or macOS.
This breach has further defaced Line’s already blemished security reputation.
The messaging app provider permitted a Chinese affiliate to access its servers to support the development of an AI technology project.
The interaction allowed four technicians from a Chinese company to access user names, phone numbers, email addresses, and messages flagged as inappropriate in 2018.
Line assured its users that the accessed data was not maliciously used, and then blocked the Chinese company from further access in February 2021. This event is a potential breach of Japan’s privacy legislation, which requires tech companies to identify the specific countries that will be accessing user data.
Because Pegasus can infect devices so effortlessly, it’s unlikely that poor internal decisions facilitated this breach, though it’s still a possibility given Line’s recent headlines.
Line’s tumultuous history shines a spotlight on a disturbing reality usually eclipsed by other business affairs: vendor security cannot be trusted.