Technology
WhatsApp exploit allowed spyware to be installed via voice call
A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones — by simply calling them.
First reported by the Financial Times and confirmed by WhatsApp, the issue was discovered in early May and was promptly fixed by the company.
The Facebook-owned messaging service said it believed certain users were targeted through the vulnerability by an advanced cyber actor.
As noted by the Financial Times, the spyware was developed by the Israeli cyber intelligence firm NSO Group. The malicious code could be inserted via a voice call, even if the recipient didn’t answer their phone, and the call would disappear from logs.
In a statement, WhatsApp did not name the NSO Group, but said the attack was representative of a private company which works with governments to create spyware for mobile devices.
The messaging company said it has briefed human rights organisations on the finding, and notified U.S. law enforcement to help them conduct an investigation.
WhatsApp said it made changes to its infrastructure last week to prevent the attack from happening, and issued an update for its app.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a WhatsApp spokesperson said in a statement.
“We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
The NSO Group is behind a spyware product called Pegasus, which allows operators to take control of a target’s phone, allowing them to switch on a phone’s camera and a microphone, as well as retrieve private data.
Human rights organisation Amnesty International is behind legal action to revoke the NSO Group’s export licence in Israel, after an Amnesty staff member was targeted last August by Pegasus.
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” Danna Ingleton, deputy director of Amnesty Tech, said in a statement.
-
Entertainment6 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment7 days ago
Rules for blocking or going no contact after a breakup
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment5 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment4 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment5 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment3 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent