A vulnerability in facebook owned messaging app, WhatsApp has allowed attackers to inject commercial spyware on to Android and iPhone, by ringing up targets using the app’s phone call function. This was reported by financial times on Monday.
The malicious code, developed by the secretive Israeli company NSO Group, could be remotely installed on the targeted device, even if the recipient did not answer their phones, and the calls often disappeared from call logs,making it virtually untraceable, this was confirmed by security researchers and what’s app.
The spyware, once successfully installed on a victim’s device, can turn on his phone’s camera and mic, scan emails and messages, and collect the user’s location data. WhatsApp is investigating the situation but is so far unable to estimate the number of phones successfully targeted by the exploit, reported Financial Times.
WhatsApp said in a statement provided to The Financial Times, “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,”. The company has also taken further steps in ensuring that every of its users are well informed and protected. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.” whatsapp said.
A fix from whatsapp
WhatsApp has since urged its more than 1.5 billion global users to update the app and possibly their phone’s operating system immediately to close the security hole.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” said WhatsApp in a statement.