Israeli spyware Graphite allegedly hacks messaging app servers instead of devices
A computer screen showing lines of code. (AFP Photo)
Israeli cybersecurity firm Paragon, founded by Israel’s former Prime Minister Ehud Barak, is facing allegations that its Graphite spyware exploits vulnerabilities in the servers of messaging apps such as WhatsApp, Telegram, and Signal to conduct surveillance.
Unlike traditional spyware that infiltrates target devices, Graphite is said to bypass device security entirely by exploiting weaknesses in the platforms’ server infrastructure.
If these allegations are true, Graphite represents a new level of sophistication in cyber espionage, making it nearly undetectable.
Hacking method: Targeting servers instead of devices
Unlike other spyware that infects individual devices, Graphite is claimed to access data directly from messaging platforms’ servers.
According to reports, Graphite impersonates the target user by using their phone number and identity details to gain access to WhatsApp, Telegram, and Signal servers. This method allegedly allows Paragon to retrieve:
✔️ Text messages
✔️ Call records
✔️ Media files
✔️ Archived conversations stored in cloud backups
The most critical aspect of this technique is that it operates entirely on the server side, meaning no malware is installed on the target’s device, leaving no forensic trace.
How Graphite differs from Pegasus
Graphite’s approach to cyber espionage is fundamentally different from previously known spyware. Pegasus, for instance, typically infects devices through zero-day exploits or malicious links, while Graphite allegedly leverages vulnerabilities in messaging app servers instead.
| Feature | Pegasus (NSO Group) | Graphite (Paragon) |
|---|---|---|
| Target | Devices (Phones, Tablets) | Application Servers |
| Infection Method | Zero-day exploits, malicious links | Server-side authentication bypass |
| Device Compromise Required | Yes | No |
| Detectability | Leaves traces on devices (forensic analysis possible) | Extremely hard to detect |
| Affected Applications | WhatsApp, iMessage, SMS, etc. | WhatsApp, Telegram, Signal |
| Accessed Data | Messages, calls, media, location | Messages, calls, media, backups |
Since Graphite does not need to infect devices, it could potentially be the most advanced spyware ever developed.
Alleged links to Israel’s Unit 8200
There are claims that Paragon’s technology was developed with the help of Israel’s elite cyber intelligence unit, Unit 8200. Known for its involvement in previous cyber warfare and surveillance tools, Unit 8200 has provided talent to companies like NSO Group, the creators of Pegasus.
Reports suggest that Ehud Barak recruited top cyber operatives from Unit 8200 to build Graphite.
WhatsApp: Spyware used in over 24 countries
WhatsApp recently confirmed that spyware attacks have targeted users in more than 24 countries.
While it remains unclear whether these attacks are linked to Graphite, if vulnerabilities in the servers of WhatsApp, Telegram, and Signal are indeed being exploited, this could have major implications for global cybersecurity.
