- Approximately 200 WhatsApp users in Italy were tricked into installing a fake version of the messaging app that was actually government spyware.
- The fake application was built by SIO, an Italian surveillance technology company that develops spyware for law enforcement and intelligence agencies.
- WhatsApp has proactively identified the affected users, logged them out of their accounts, warned them about the privacy risks, and urged them to delete the fake client and install the official app from a trusted source.
- WhatsApp also plans to send a formal legal demand to SIO to halt any malicious activity linked to the campaign.
Italian authorities have been accused of exploiting the trust of their citizens by using mobile carriers to deliver state-sanctioned spyware. WhatsApp has recently exposed a surveillance operation conducted by a company called SIO, a firm based in Italy that specializes in developing spyware for law enforcement and intelligence agencies.
The fake spyware app was designed to look like a legitimate WhatsApp update, tricking unsuspecting users into installing it on their devices. Once installed, the spyware could steal text messages, chat histories, and call logs, as well as record audio and video directly from the device's microphone and camera. The operation has raised concerns about the extent of government surveillance in Italy and the role of mobile carriers in facilitating it.
Italy's Spyware Hub
Italy has become a hub for the production and use of spyware, with companies like SIO and Paragon Solutions operating in the country. The Italian justice ministry has maintained a price list and catalogue showing how authorities can compel telecom companies to send phishing links to their own customers on behalf of law enforcement. The cost of renting spyware in Italy is remarkably low, with law enforcement able to access these tools for as little as €150 per day.
Experts say that the low cost and permissive regulation in Italy have made it an attractive location for spyware vendors. Fabio Pietrosanti, president of the Hermes Center for Transparency and Digital Human Rights, has said that spyware is deployed more frequently in Italy than anywhere else in Europe because of the favorable environment.
WhatsApp's Response
WhatsApp has taken steps to protect its users who may have been tricked into downloading the fake iOS app. The company has logged out the affected users, warned them about the privacy risks, and urged them to delete the fake client and install the official app from a trusted source. WhatsApp has also announced that it plans to send a formal legal demand to SIO to halt any malicious activity linked to the campaign.
WhatsApp spokesperson Margarita Franklin said that the company could not yet confirm whether the 200 affected users included journalists or members of civil society. Franklin emphasized that the company's priority has been protecting the users who may have been tricked into downloading the fake app.
The Global Spyware Market
The global lawful-interception market was valued at $4 billion in 2023 and is projected to reach $15 billion by 2032, growing at roughly 16 per cent annually. The market is being driven by the low-cost, phishing-based tools that companies like SIO sell. The barrier to entry for government surveillance has dropped to the point where a local police department in a midsize Italian city can commission the same class of spyware deployment that was once the preserve of national intelligence agencies.
The proliferation of spyware vendors presents a challenge that extends well beyond any single platform. Apple has sent mercenary-spyware threat notifications to users in more than 150 countries since 2021, alerting individuals it believes have been individually targeted by state-sponsored attacks.
What This Means
The SIO case highlights the need for greater transparency and accountability in the use of state-sanctioned spyware. The fact that Italian telecoms participate in the delivery chain, sending phishing messages to their own subscribers at the state's request, turns the mobile infrastructure itself into an instrument of surveillance.
WhatsApp's decision to publicly name SIO and notify the affected users follows the broader pattern of tech platforms asserting themselves as counterweights to state surveillance in ways that would have been unthinkable a decade ago. The company is not merely patching a vulnerability. It is identifying the vendor, alerting the victims, and threatening legal action, a posture that positions a messaging app owned by Meta as a more effective check on government spyware abuse than any European regulatory body has managed to date.
The immediate question for the 200 users in Italy who received WhatsApp's notification is: who authorised the surveillance, and on what legal basis? The answer may never become public. Italy's lawful-intercept framework permits the use of these tools under judicial oversight, but the oversight mechanisms have repeatedly proven inadequate to prevent abuse.
Conclusion
The SIO case serves as a reminder of the risks posed by state-sanctioned spyware and the need for greater transparency and accountability in its use. WhatsApp's decision to publicly name SIO and notify the affected users is a significant development in the fight against government surveillance. As the global lawful-interception market continues to grow, it is essential that tech platforms and regulatory bodies work together to ensure that the use of state-sanctioned spyware is subject to robust oversight and accountability mechanisms.
