A WhatsApp vulnerability has reportedly allowed attackers to inject Israeli spyware onto phones, and all it needed was a WhatsApp call.
A recent The Financial Times report details a vulnerability in the messaging platform that allowed a code developed by Israeli company named NSO Group to be transmitted by calling users via WhatsApp on iOS and Android.
And for this code to be transmitted it wasn’t essential for the user to answer the call. All that was needed was a WhatsApp call to be made on a number that has an active account. In many cases, according to the report, the call would disappear from call logs. Which means, it’s possible that some users could have fallen victim to this without even realising.
Reportedly, the vulnerability of the platform remained accessible for the attackers for weeks.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” The Financial Times reports WhatsApp as saying. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.”
NSO Group on the other hand, that develops tools and markets them to governments around the world as a way to fight terrorism and crime, told The Financial Times that it “would, or could not, use its technology in its own right to target any person or organization.”
As of now, more details about the vulnerability and about the numbers of users that were attacked by the loophole, are unclear.
Reportedly, WhatsApp disclosed the issue to the United States Department of Justice last week, and rolled out a fix for the issue on 10 May. The messaging platform is urging users to update to the latest version of the app to steer clear of the loophole.