WhatsApp is urging its users to update the app after it has been discovered that its cybersecurity measures were vulnerable, allowing spyware to be implemented into a users phone through the app’s call function. According to the Financial Times, the spyware was developed by NSO Group, an Israeli cyber intelligence company, that was first to spot the in-app risk.
Attackers misusing the spyware would reportedly call its targets and, regardless of whether the user would answer, could then add coding into the users’ handset. The spyware has the ability to extract data from the users’ text messages, contacts, GPS location, email, browser history and even create new data by using the phone’s microphone and camera to record the user’s surroundings. WhatsApp discovered this attack this month and has addressed the issue inside its own infrastructure imminently, however, the company is still urging users to update the app their end too.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.” NSO Group told the FT that it was working with WhatsApp to investigate the attacks, with one notable attempt on a UK-based attorney who is currently in a lawsuit with the Israeli company.
NSO Group told the FT, “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies… NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual.”
In case you missed it, over $40 million USD in Bitcoin has been hacked.