WhatsApp that has been owned by Facebook, said, it had been attacked by spyware that targeted a “selected number” of users and was orchestrated by “an advanced cyber actor.” Hackers were able to remotely install surveillance software on phones and other devices using a significant vulnerability in messaging app WhatsApp; it has been confirmed.
According to Financial Times, the spyware was developed by the Israeli cyber intelligence company NSO Group, which first reported the vulnerability. The vulnerability was discovered this month, and the company quickly addressed the problem within its infrastructure.
The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We have briefed several human rights organizations to share the information we can and to work with them to notify civil society – WhatsApp
WhatsApp, which currently has 1.5 billion users globally had discovered in early May that attackers were able to install surveillance software on to both Android smartphones and iPhones by ringing up targets using the in-app’s voice call feature.
Hence after discovering the vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function WhatsApp is now encouraging users to update to the latest version of the app.
Attackers could easily transmit the malicious code to a target’s device by just calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.
The attack targeted iPhones, as well as phones with Google’s Android system, Microsoft Windows phones, and Samsung’s Tizen system. WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.