Technology
WhatsApp exploit allowed spyware to be installed via voice call
A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones — by simply calling them.
First reported by the Financial Times and confirmed by WhatsApp, the issue was discovered in early May and was promptly fixed by the company.
The Facebook-owned messaging service said it believed certain users were targeted through the vulnerability by an advanced cyber actor.
As noted by the Financial Times, the spyware was developed by the Israeli cyber intelligence firm NSO Group. The malicious code could be inserted via a voice call, even if the recipient didn’t answer their phone, and the call would disappear from logs.
In a statement, WhatsApp did not name the NSO Group, but said the attack was representative of a private company which works with governments to create spyware for mobile devices.
The messaging company said it has briefed human rights organisations on the finding, and notified U.S. law enforcement to help them conduct an investigation.
WhatsApp said it made changes to its infrastructure last week to prevent the attack from happening, and issued an update for its app.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a WhatsApp spokesperson said in a statement.
“We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
The NSO Group is behind a spyware product called Pegasus, which allows operators to take control of a target’s phone, allowing them to switch on a phone’s camera and a microphone, as well as retrieve private data.
Human rights organisation Amnesty International is behind legal action to revoke the NSO Group’s export licence in Israel, after an Amnesty staff member was targeted last August by Pegasus.
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” Danna Ingleton, deputy director of Amnesty Tech, said in a statement.
-
Entertainment7 days ago
‘Interior Chinatown’ review: A very ambitious, very meta police procedural spoof
-
Entertainment6 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment6 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment5 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment4 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment3 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?