A missed call on WhatsApp was enough to infect some of the app users’ phones with advanced spying software, the messaging platform has said. said late.
The messaging platform WhatsApp said it had patched a vulnerability that allowed spyware to be installed via a missed call. The company assumes only selected users were targeted by an “advanced cyber actor.”
Media outlets, including the Financial Times and TechCrunch, identified the spyware as the product of Israel’s NSO group. The group is famous for its software dubbed “Pegasus” which can hack smartphones and activate their microphones and cameras, collect location information and send out emails and texts.
While WhatsApp did not immediately confirm NSO was linked with the attack, they also said they were “not refuting” any of the media coverage.
The messaging platform also said the attack bore “all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”
All operating systems targeted
WhatsApp is a Facebook subsidiary with more than 1.5 billion users and boasting end-to-end transcription protecting its users’ privacy. On Monday, the company said the malware was discovered in early May.
A spokesman for the firm said the flaw was detected while “our team was putting some additional security enhancements to our voice calls.” Its engineers found that affected users “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped.”
The hackers targeted all commonly used smartphone operating systems, including Apple’s iOS, Google’s Android, Microsofts Windows Phone and Samsungs Tizen.
The company said they have provided information to US authorities to help with the investigation.
Human rights lawyer attacked
Many journalists, dissidents, activists, and lawyers have reported
Amnesty International, an international human rights watchdog, claims one of its staffers was targeted with the Israeli-made spyware last year. Following the Monday announcement, Amnesty International said it would join the effort to force Israel’s defense ministry to suspend
A UK-based human rights lawyer told the AP news agency that he was targeted in the latest attack. The activist, who wanted to stay anonymous for professional reasons, said he had received several suspicious missed calls over the past months, the most recent one on Sunday.
According to the Financial Times, the Israeli-based NSO do not use their software themselves. Their tools are usually operated by state security agencies.