WhatsApp vulnerability allowed secretive installation of spyware

Clay Curtis
May 14, 2019

A spokesman for the firm said the flaw was detected while "our team was putting some additional security enhancements to our voice calls".

WhatsApp said it contacted human rights groups, quickly fixed the issue and pushed out a patch. If your phone offers to update WhatsApp for you, do it, or check for new versions manually.

It is not known how many Android phones and iPhones have been affected by this exploit.

A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones - by simply calling them.

The hack targeted all commonly used smartphone operating systems, including Apple's iOS, Google's Android, Microsofts Windows Phone and Samsungs Tizen. This exploit would be flawless for a nation's spies keen to pry into the lives of persons of interest.

TechCrunch reports that the vulnerability discovered by WhatsApp just a few weeks ago, would allow a caller to install a spyware on the device being called, regardless of whether or not the could was answered. The Facebook-owned company has also reportedly briefed human rights organisations as well to work with them to inform civil society.

Who could such a company be?


Trump warns China not to retaliate against tariff hike
A stumbling block has been US insistence on an enforcement mechanism with penalties to ensure Beijing carries out its commitments. Forecasters have warned that the USA tariff hikes could set back a Chinese recovery that had appeared to be gaining traction.

The Facebook-owned messaging service said in a statement that it distributed a server-side fix on Friday and an app update to users on Monday.

It isn't clear how many victims were targeted. Prosecutors in the U.S. have been alerted.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits created to compromise information stored on mobile devices", WhatsApp said in a statement to TechCrunch". The spyware manufacturer is known to sell surveillance software to countries such as Saudi Arabia.

Amnesty International is not the only organization pursuing legal action against NSO. Its primary product, Pegasus, is able to turn on and collect data from a phone's microphone and cameras, and also can extract location logs, emails, and messages. It further claimed it screened customers and investigated abuse, including the attack on the United Kingdom lawyer.

There are concerns that the software was used in attempts to access the phones of human rights campaigners, including a UK-based lawyer. However, the exploit developers denied any shenanigans.

NSO Group told the Financial Times it was investigating the issue and under no circumstances would it "be involved in the operating or identifying of targets of its technology", which it said was exclusively operated by intelligence and law enforcement agencies.

Other reports by

Discuss This Article