WhatsApp says users should upgrade app after attack report

Doris Richards
May 16, 2019

These hackers called WhatsApp users and then gained access to their personal information and installed spyware on their phones, allowing them further access to sensitive information.

It was discovered earlier this month by WhatsApp's own security team.

The Financial Times reported Israeli security firm NSO Group developed the attack and sold spyware, which can control smartphones, their cameras and effectively turn them into surveillance devices.

The NSO Group has been known to work with governments in the past to target reporters or dissidents.

Citizen Lab, a research group at the University of Toronto, said: "We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer".

It added that it does not operate the system itself and "under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies".

While this incident highlighted a major flaw in WhatsApp, cyber security experts told TNP that there is no need for its users to delete the app. While it's less likely that the average citizen would be targeted with this kind of spyware, WhatsApp is used by many people for whom the privacy of their conversations is a life and death matter.

Spyware crafted by a sophisticated group of hackers-for-hire took advantage of a flaw in the popular WhatsApp communications program to remotely hijack dozens of phones without any user interaction.

This isn't the first vulnerability of this kind to be discovered in a supposedly secure messaging app. But according to a brief technical description of the hack posted by WhatsApp's owner, Facebook Inc., it now appears hackers can install the malware simply by calling the target.

Amnesty International, which said previous year that one of its staffers was targeted by NSO spyware, is demanding Israel suspend NSO's export license for exactly that reason.

"We have also provided information to U.S. law enforcement to help them conduct an investigation". The Guardian reports that Facebook implemented a server-side change to help protect users and pushed out updates for the various smartphone versions of WhatsApp on Monday. We will work with human rights organizations with expertise monitoring the work of private cyber actors.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system". And there is a growing consensus that the attack is aimed at human rights campaigners. If you have not already done so you can download the update to WhatsApp from the Play Store using this link.

Other reports by Iphone Fresh

Discuss This Article