Spyware made by an “advanced cyber celebrity” infected multiple targeted mobile phones through the popular WhatsApp communications app, without any user interaction, via in-app voice calls, the company said. The problem has already been fixed, WhatsApp added, and it urged users to upgrade their apps to avoid being targeted through the flaw.
The Financial Times identified the spyware’s maker as Israel’s NSO Group, and a WhatsApp spokesman later said, “we are certainly not refuting some of the policy you’ve seen.” WhatsApp says it closed the security hole with a server-side fix on May 10 and published patched Android and iOS apps on Monday. Users are urged to upgrade their apps.
The malware was able to infect phones through missed calls alone via the app’s voice calling function, the spokesman for the Facebook subsidiary said late Monday. An unknown number of individuals (a number in the dozens at least would not be inaccurate) were infected with the malware, which the firm said it found in early May, said the spokesman, who was not authorized to be quoted by name.
“There is nothing a user might have done here, short of not having the app,” he said.
The WhatsApp spokesman said the attack had “all the hallmarks of a private business that has been proven to work with governments to deliver spyware which has the ability to carry over cell phone operating systems.”
The spokesman said WhatsApp, which has more than 1.5 billion users, immediately contacted Citizen Lab and human rights groups, quickly fixed the issue and pushed out a patch. He said WhatsApp also provided advice to US law enforcement officials to help in their investigation.
He said the flaw was detected while “our staff was placing a few additional security improvements to our voice calls” and that engineers found that individuals targeted for infection “might get a couple of calls from a number that is not recognizable to them. In the process of calling, this code gets shipped.”
“We’re deeply worried about the misuse of these abilities,” WhatsApp said in a statement.
Spokespeople for NSO Group didn’t immediately respond to an email from The Associated Press seeking comment.
The revelation adds to the questions over the reach of the Israeli firm’s powerful spyware, which can hijack smartphones, control their cameras and effectively turn them into pocket-sized surveillance devices.
Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul this past year and whose body has never been discovered.
Several alleged targets of the spyware, including a close friend of Khashoggi and many Mexican civil society figures, are now suing NSO in an Israeli court over the hacking.
This makes the discovery of the vulnerability especially disturbing because one of the targets was a human rights lawyer, the lawyer told the AP.
The lawyer, who spoke on condition of anonymity for professional reasons, said he had received a few suspicious missed calls over the past couple of months, the most recent one on Sunday, only hours before WhatsApp issued the update to users fixing the flaw.