WhatsApp vulnerability allowed secretive installation of spyware

A vulnerability in messaging app WhatsApp allowed attackers to install Israeli spyware onto phones, the Financial Times reported Monday.

The malicious code, developed by Israeli company NSO Group, was installed on both iPhones and Android phones through the app's phone call feature, the newspaper reported. The spyware could be transmitted even if the target victim didn't answer their phone, and the calls often disappeared from users' call logs.

The company said the attack has the hallmarks of a private company that reportedly works with governments to deliver spyware that takes over the functions of mobile phone operating systems.

In 2016, NSO Group was accused of providing spyware to nation-states to steal data from activists' iPhones. The company has said it obeys applicable laws.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a WhatsApp spokesperson said in a statement.

The Facebook-owned service, which has about 1.5 billion users, reportedly doesn't know how many phones may have been infected with the spyware.

WhatsApp engineers were working to close the vulnerability Sunday night and issued a patch for customers on Monday, the Financial Times reported. 

WhatsApp said it informed the US Justice Department of the vulnerability last week.

NSO Group and the Justice Department didn't immediately respond to requests for comment.

$999

CNET may get a commission from retail offers.

Comments are closed.