WhatsApp has confirmed a vulnerability that could have allowed hackers to remotely install spyware on your phone. The messaging app has fixed the loophole and has requested users to install the latest update to avoid the WhatsApp exploit.
Install update to avoid WhatsApp exploit
This WhatsApp exploit was first highlighted by the Financial Times, and the Facebook-owned company was quick to fix the issue. Further, the Facebook-owned company said it made changes to its infrastructure last week to fix the loophole.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the messaging app said in a statement.
WhatsApp rolled out the server-side fix on May 10, while the updated version of the app was released on May 13. It is not known how many Android and iOS devices were affected by the WhatsApp exploit. The messaging app, however, says that it fixed the loophole in less than ten days after discovering the flaw.
Reports say all that a hacker needs to do to install the spyware remotely is to call the user. The malware would install even if the recipient doesn’t answer the call. Moreover, the call would automatically disappear from the logs.
Citizen Lab, an internet watchdog, referred to the exploit as “a very scary vulnerability.” The security firm says there is nothing that a user can do to avoid this spyware, except for uninstalling the app.
Is NSO Group behind all this?
WhatsApp believes that the latest exploit was targeted toward certain users and was carried out by an advanced cyber actor. According to the Financial Times, the WhatsApp exploit was designed by the Israeli cyber intelligence firm NSO Group.
WhatsApp, however, did not name the NSO, but confirmed that the attack was carried out by a private company which works for governments. Further, the messaging app notes that the attack may have affected only a small number of users. One possible target of the WhatsApp exploit is a London-based human rights lawyer.
WhatsApp says that it has informed about its findings to U.S. law enforcement and some human rights organizations.
Amnesty International, a human rights organization, is supporting legal action to revoke the export license of the NSO Group in Israel. In August last year, an Amnesty staff member was targeted by Pegasus.
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics,” Amnesty Tech said in a statement.
Further, the human rights organization said the NSO Group’s spyware can infect a users’ phone without a user taking any action. Also, the agency said there is growing evidence that the group’s tools are used by regimes to track prominent activists and journalists.
“There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry,” Amnesty International said.
NSO Group denies allegations
The spyware product targeted at WhatsApp is called Pegasus, and it allows the operator to control any phone by switching on the phone’s camera and microphone, along with sharing user data. NSO’s flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.
NSO Group, however, denies all such accusations.
“NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror…… We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system,” NSO Group said in a statement to Mashable.
The NSO Group is an Israeli company, and has been referred to as a “cyber-arms dealer” in the past. According to BBC, the business is partly owned by Novalpina Capital, which is a London-based private equity firm.
In 2016, NSO’s spyware was found to be involved in an attack on Emirati human rights activist, Ahmed Mansoor. Last year, the tool targeted a popular TV journalist Carmen Aristegui and eleven more around the same time when an investigation involving the Mexican president was ongoing, notes a report from The Verge.
Citizen Lab, in its research, found that Pegasus operators may be active in 45 countries, including ten operating in cross-border surveillance.