Technology
WhatsApp exploit allowed spyware to be installed via voice call
A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones — by simply calling them.
First reported by the Financial Times and confirmed by WhatsApp, the issue was discovered in early May and was promptly fixed by the company.
The Facebook-owned messaging service said it believed certain users were targeted through the vulnerability by an advanced cyber actor.
As noted by the Financial Times, the spyware was developed by the Israeli cyber intelligence firm NSO Group. The malicious code could be inserted via a voice call, even if the recipient didn’t answer their phone, and the call would disappear from logs.
In a statement, WhatsApp did not name the NSO Group, but said the attack was representative of a private company which works with governments to create spyware for mobile devices.
The messaging company said it has briefed human rights organisations on the finding, and notified U.S. law enforcement to help them conduct an investigation.
WhatsApp said it made changes to its infrastructure last week to prevent the attack from happening, and issued an update for its app.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a WhatsApp spokesperson said in a statement.
“We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
The NSO Group is behind a spyware product called Pegasus, which allows operators to take control of a target’s phone, allowing them to switch on a phone’s camera and a microphone, as well as retrieve private data.
Human rights organisation Amnesty International is behind legal action to revoke the NSO Group’s export licence in Israel, after an Amnesty staff member was targeted last August by Pegasus.
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” Danna Ingleton, deputy director of Amnesty Tech, said in a statement.
-
Business6 days ago
Tesla’s new growth plan is centered around mysterious cheaper models
-
Business5 days ago
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
-
Business6 days ago
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
-
Entertainment4 days ago
Summer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
-
Business5 days ago
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
-
Business4 days ago
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
-
Business4 days ago
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
-
Business7 days ago
Two widow founders launch DayNew, a social platform for people dealing with grief and trauma