Hackers were able to take advantage of a vulnerability in messaging app WhatsApp to remotely install spyware onto phones, it has been revealed.
Facebook-owned WhatsApp discovered what the attackers were up to earlier this month. The vulnerability allowed the attackers to target certain users via the app’s audio call function on both iPhones and Android devices. The users would receive a call and, whether they answered or not, malicious code was transmitted to their devices; the call often even disappeared from call logs.
WhatsApp describes the flaw in a security advisory as “a buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number”.
The attack is said to have been developed by Israeli cyber intelligence firm NSO Group, according to a Financial Times report.
WhatsApp hasn’t pointed any fingers directly at any party, but said: “the attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
It is still too early in WhatsApp’s investigation to estimate how many phones were targeted, so the company has urged all of its 1.5bn users around the world to update their apps as a precaution.
The NSO Group, which is part-owned by London-based private equity firm Novalpina Capital, develops a product called ‘Pegasus’. The program is able to access a phone’s microphone and camera, look through emails and messages, and collect location data. The company says the product is licensed to governments in order to fight terrorism and crime, and that it would investigate any possible misuse of its product by these agencies.
Amnesty International, which says that one of its researchers had been targeted, is joining a group of Israeli citizens and civil rights groups in calling for Israel’s Ministry of Defence to cancel NSO’s export license.