Hackers could inject commercial spyware developed by the Israeli company NSO Group into phones through a vulnerability in WhatsApp chat app. That’s what The Financial Times reports. WhatsApp, a subsidiary of Facebook, discovered the vulnerability in early May.
At the beginning of this month, the company discovered that the software could be installed on both iPhones and Android phones by calling targets using the app’s phone function. The rogue code could be sent even if users did not answer their phone. In addition, the calls often disappeared from the call history.
An insider states that WhatsApp is still in the early stages of its own vulnerability studies to estimate how many phones were targeted by the attack. The company itself states that it has a team of engineers in San Francisco and London who are constantly working to close the vulnerability. Yesterday a patch was released for users of the app.
“This attack has all the characteristics of a private company known to work with governments to deliver spyware that takes over the functions of mobile operating systems,” said the company. The problem was reported to the U.S. Department of Justice last week, according to an insider. A Ministry spokesman refused to respond.
Lawyer
While WhatsApp developers worked last weekend to close the leak, a British human rights lawyer’s phone was attacked using the same method. The lawyer, who wanted to remain unknown, has helped a group of Mexican journalists and critics on the government, and a Saudi dissident living in Canada, to sue the NSO in Israel. It was claimed that the company was jointly responsible for the misuse of its software by customers.
The NSO Group itself says that it examines customers and investigates abuse. When the Financial Times asked about the attacks via WhatsApp, the company said to investigate the problem.
“Under no circumstances is NSO involved in the execution or identification of targets of its technology, which is only used by intelligence services and the police,” the company says. “NSO wouldn’t want and be able to use its technology to attack a person or organization, including this British lawyer.”
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.