• Uncategorised

WhatsApp vulnerability allowed secretive installation of spyware – CNET

A vulnerability in the Facebook-owned WhatsApp allowed spyware to be installed, according to the Financial Times.

Gabriel Bouys/AFP/Getty Images

A vulnerability in messaging app WhatsApp allowed attackers to install Israeli spyware onto phones, the Financial Times reported Monday.

The malicious code, developed by Israeli company NSO Group, was installed on both iPhones and Android phones through the app's phone call feature, the newspaper reported. The spyware could be transmitted even if the target victim didn't answer their phone, and the calls often disappeared from users' call logs.

The company said the attack has the hallmarks of a private company that reportedly works with governments to deliver spyware that takes over the functions of mobile phone operating systems.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a WhatsApp spokesperson said in a statement.

In 2016, NSO Group was accused of providing spyware to nation-states to steal data from activists' iPhones. The company has said it obeys applicable laws.

NSO said Monday its technology is licensed to governments to fight crime and terror.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," NSO said in a statement. "We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," NSO said, adding that it would never use its own technology to target an individual or organizaton.

The Facebook-owned service, which has about 1.5 billion users, reportedly doesn't know how many phones may have been infected with the spyware.

WhatsApp engineers were working to close the vulnerability Sunday night and issued a patch for customers on Monday, the Financial Times reported. 

WhatsApp said it informed the US Justice Department of the vulnerability last week.

The Justice Department didn't immediately respond to requests for comment.

Originally published at 4:45 p.m. PT Updated at 6:55 p.m. with NSO comment.

WhatsApp vulnerability allowed secretive installation of spyware     - CNET

$999

CNET may get a commission from retail offers.

Apple iPhone XS

You may also like...