WhatsApp fixes voice calling feature loophole that allowed attackers to inject spyware on phones

Reportedly, the spyware detected was developed by Israeli company NSO Group and is called Pegasus.

By Digit NewsDesk | Published 14 May 2019 17:10 IST
HIGHLIGHTS
  • ​WhatsApp fixes flaw in calling feature that allowed attackers infect phones.

  • The spyware was developed by Israeli company NSO.

  • NSO says it is investigating the issue.

WhatsApp fixes voice calling feature loophole that allowed attackers to inject spyware on phones
WhatsApp fixes voice calling feature loophole that allowed attackers to inject spyware on phones

WhatsApp has fixed a vulnerability in the app’s calling feature that allowed cybercriminals to inject spyware on people phones, a media report has said. The spyware, called Pegasus, was developed by Israeli company NSO Group that licenses its products to governments to fight terrorism and crime. According to The Financial Times, which first reported the development, the spyware could be installed on iPhones as well as on Android devices; all an attacker has to do is make a WhatsApp call to the target.

The company says that it fixed the vulnerability on Sunday and issued a patch for customers on Monday. “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society,” the company said without naming NSO Group.

WhatsApp, an instant messaging app used by 1.5 billion people worldwide, disclosed the issue to the US Department of Justice last week, Financial Times cited a person familiar with the matter, as saying. Meanwhile, NSO said that it had carefully “vetted customers and investigated any abuse.” The company also says that it is investigating the issue. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organisation,” NSO was quoted as saying.

Pegasus is NSO’s flagship programme that can turn on a phone’s microphone and camera, and collect location data. The company has Middle Eastern and Western intelligence agencies as its customers. It is suspected that the attack was launched by a Middle Eastern country to allegedly suppress the criticism of its human rights practices. The report said that in the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones.

As late as on May 12, there was an attempt to compromise the phone of a UK-based human rights lawyer who helped a Saudi dissident in Canada, and sue NSO in Israel. John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, said the attack had failed. “We had a strong suspicion that the person’s phone was being targeted, so we observed the suspected attack, and confirmed that it did not result in infection,” added Scott-Railton.

Digit NewsDesk
Digit NewsDesk

Email Email Digit NewsDesk

Follow Us Facebook Logo Facebook Logo Facebook Logo

About Me: Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. Read More

Advertisements

Trending Articles

Advertisements

LATEST ARTICLES View All

Advertisements
Vadhavan Roller Anti Aging 100% Natural Jade Facial Roller healing Slimming Massager Anti Aging 100% Natural Jade Facial Roller healing Slimming Massager Massager  (Green)
Vadhavan Roller Anti Aging 100% Natural Jade Facial Roller healing Slimming Massager Anti Aging 100% Natural Jade Facial Roller healing Slimming Massager Massager (Green)
₹ 175 | $hotDeals->merchant_name
HP 15.6 LAPTOP BAG Backpack  (Black, Black, 25 L)
HP 15.6 LAPTOP BAG Backpack (Black, Black, 25 L)
₹ 275 | $hotDeals->merchant_name
Kuvadiya Sales Magnetic Vibra Plus Head Massager Hairbrush with Double Speed in Treatment | hair massager
Kuvadiya Sales Magnetic Vibra Plus Head Massager Hairbrush with Double Speed in Treatment | hair massager
₹ 140 | $hotDeals->merchant_name
AGARO 33511 MAGMA Air compression leg massager with handheld controller, 3 massage mode and intensity for feet, calf and thigh Massager  (Black)
AGARO 33511 MAGMA Air compression leg massager with handheld controller, 3 massage mode and intensity for feet, calf and thigh Massager (Black)
₹ 6199 | $hotDeals->merchant_name
ARG HEALTH CARE Leg Massager for Pain Relief Foot, Calf and Leg Massage with Vibration and Heat Therapy (Golden)
ARG HEALTH CARE Leg Massager for Pain Relief Foot, Calf and Leg Massage with Vibration and Heat Therapy (Golden)
₹ 15499 | $hotDeals->merchant_name