WhatsApp Exploit Allowed Voice Calls To Inject Spyware

WhatsApp has closed a vulnerability which allowed spyware to be installed via voice call

An unknown number of people - an amount in the dozens at least would not be inaccurate - were infected with the malware, which the company said it discovered in early May, said the spokesman, who was not authorized to be quoted by name.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits created to compromise information stored on mobile devices", a WhatsApp spokesperson said in a statement.

Spyware users were able to inject malicious code into their target device by initiating a voice call to the corresponding WhatsApp account.

The Facebook-owned messaging service said it believed certain users were targeted through the vulnerability by an advanced cyber actor.

The WhatsApp vulnerability allegedly allowed NSO Group to send spyware to the victims even when they had not answered a voice call over the app, according to The Financial Times, which was first to report the news. That said, the company is reportedly still investigating the number of phones that were targeted.

Meanwhile, Amnesty International and others will this week urge the Israeli military to ban the export of NSO Group's software on the grounds it's sold to governments with, ahem, questionable track records on human rights.

"The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15". The WhatsApp Business apps and Windows Phone and Tizen versions are also affected. Logs of the incoming calls were often erased, according to the report.

"NSO's technology is licensed to authorized government agencies for the sole objective of fighting crime and terror". "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology", the company said. "We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system", the statement read.

Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are now suing NSO in an Israeli court over the hacking. "NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual".

Related:

Comments

Latest news

Ocasio-Cortez becomes youngest woman to preside over US House of Representatives
No other candidate got double-digit support, and the third place Democrat , South Bend, Indiana Mayor Pete Buttigieg, earned 8 per cent.

At least 3 dead after sightseeing planes collide in Alaska
Spokeswoman Mischa Chernick had no other information on other passengers and referred questions to the Alaska State Troopers. There were 11 people on one plane, and Petty Officer Jon-Paul Rios says the 10 injured were from that plane, one critically.

Lewis Hamilton: why would I leave a team that can be greatest?
And, in a touching gesture by the sport's world champions, they sent a Mercedes F1 auto to Harry's house. Hamilton referenced the message immediately after the race.

Seriously look at breaking up Facebook: Kamala Harris
Jake, I'll tell you, on this issue of the need for gun safety losses, we're not at any loss for good ideas. Cory Booker, D-N.J., to institute federal gun licenses, Harris expressed favor for it, then went further.

Jimmy Carter Recovering After Fall, But He's Most Worried About Turkey Hunting
The 39th president of the United States is now recovering "comfortably" in the hospital alongside his wife, Rosalynn. In 2017, Carter was briefly hospitalized after suffering dehydration during a trip to Canada.

Other news