WhatsApp vulnerability allowed government-grade spyware to be installed on phones

WhatsApp vulnerability allowed government-grade spyware to be installed on phones

It's unclear how many Android and iOS devices were affected by the vulnerability, but as you can imagine, anyone with access to the spyware could hack any WhatsApp user.

In a statement to the Financial Times, Jon Scott-Railton, a researcher at the lab said the attack had failed and believes that the measures WhatsApp ha put in place in the past several days prevented the attack.

It involved attackers using WhatsApp's voice calling function to ring a target's device. The group is famous for its software dubbed "Pegasus" which can hack smartphones and activate their microphones and cameras, collect location information and send out emails and texts. The report said that calls could disappear from the call log, transmitting the spyware to the unwitting victim.

The "advanced actor" in this case used code developed by Israeli company NSO Group, according to FT.

After discovering the vulnerability last week, WhatsApp claims it worked "around the clock" to develop a patch to protect users from the exploit, finally releasing the fix on Monday.

A source has told the Financial Times that the company alerted the Department of Justice last week.

The company has issued multiple statements urging Android and iOS users to update their WhatsApp applications and their mobile operating systems.

Fresh curfews, social media block in Sri Lanka after riots
A motorcycle gang attacked shops in nearby Kuliyapitiya and four members were arrested, officials said. The attacks come weeks after the Easter Sunday bombings in the island nation.

According to Facebook's latest figures, WhatsApp has around 1.5bn users worldwide. "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies", the company added.

Justifying the decision to stop supporting these phones, WhatsApp said in a blog post: "As we look ahead to our next seven years, we want to focus our efforts on the mobile platforms the vast majority of people use".

According to WhatsApp, it suspects a relatively small number of users were targeted.

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Ministry of Defence to revoke the NSO Group's licence to export its products. The spyware manufacturer is known to sell surveillance software to countries such as Saudi Arabia.

"NSO would not or could not use its technology in its own right to target any person or organization", the company added.

Amnesty International, which has previously reported being targeted by the software, is now supporting legal action that would compel the Israeli Ministry of Defence to revoke the export license of NSO Group due to its "chilling attacks on human rights defenders around the world".

Related Articles