WhatsApp Discovers Surveillance Attack, Urges Users to Upgrade

Cheryl Sanders
May 14, 2019

After discovering the vulnerability last week, WhatsApp claims it worked "around the clock" to develop a patch to protect users from the exploit, finally releasing the fix on Monday. It's unclear how many Android and iOS devices were affected by the vulnerability, but as you can imagine, anyone with access to the spyware could hack any WhatsApp user.

It isn't clear how many victims were targeted.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits created to compromise information stored on mobile devices", a WhatsApp spokesperson said in a statement.

As noted by the Financial Times, the spyware was developed by the Israeli cyber intelligence firm NSO Group.

According to the Times, the attackers were able to infect people's phones by calling people through the app. The report said that calls could disappear from the call log, transmitting the spyware to the unwitting victim. The application that serves over 1.5 billion people around the world has allowed hackers to inject Israeli spyware on to users' phones, according to the report.

That makes the discovery of the vulnerability particularly disturbing because one of the targets was a UK-based human rights lawyer, the attorney told the AP. The vulnerability affects both Android and iOS devices, and does not need the recipient to actually pick up the call for the spyware to be installed.

According to WhatsApp, the attacks have all the hallmarks of a private company that works with governments to deliver spyware to mobile phones.

The organisation is fighting for the NSO group to have its export license withdrawn by Israeli government. "We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society".

Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies.

While NSO claims Pegasus is intended for government usage - its website insists its mission is "developing technology to prevent and investigate terror and crime", and the company claims it carefully vets customers - a number of activists and human rights campaigners in the Middle East have found themselves on the wrong end of Pegasus attacks.

On Monday, Amnesty International - which said past year that one its staffers was also targeted with the spyware - said it would join in a legal bid to force Israel's Defense Ministry to suspend NSO's export license.

Other reports by iNewsToday