WhatsApp confirmed that hackers succeeded in installing a surveillance software of phones and PCs to enable them to spy on other users’ supposed encrypted chat.
WhatsApp, owned by Facebook, alleged that the attack targeted a selected number of users, probably human rights activists, journalists, and lawyers. WhatsApp believes that the attack was orchestrated by NSO Group, an Israeli cyber company. The messaging app announced on Monday that the vulnerability has been fixed and urged the users to update the latest version of the app.
Malicious code could be implanted in the victim’s phone by placing a call to that phone. The victim does not need to answer the call for the phone to be hacked.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of a mobile phone operating systems,” a spokesperson said in a statement. The instant messaging app promotes itself as a secure communications app because the messages are end-to-end encrypted and can therefore not be intercepted by a third party.”
According to a report, a voice call made to a victim could disappear from the call log.
The NSO group developed a powerful malware in January designed to spy on its users but has denied any engagements with the recent attack, stating its only duty as fighting crime and terror.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse, and if necessary, we take action, including, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying or targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the group defended.
The New York Times reported that the malware must have targeted a London-based human rights lawyer, who is involved in a lawsuit against the NSO group. Amnesty International said that the attack is one feared by human rights groups because these tools are used by attackers to keep prominent journalists and activists under surveillance.
WhatsApp says an investigation is still ongoing, so the members in charge are unable to determine how many users were affected, its duration in the app, if the attack went beyond the confines of WhatsApp such as accessing photos and email, and if an update can eliminate any malware.
All those are still under probe, according to WhatsApp.