WhatsApp fixes voice calling feature loophole that allowed attackers to inject spyware on phones

By Digit NewsDesk | Updated 14 May 2019
WhatsApp fixes voice calling feature loophole that allowed attackers to inject spyware on phones
  • ​WhatsApp fixes flaw in calling feature that allowed attackers infect phones.
  • The spyware was developed by Israeli company NSO.
  • NSO says it is investigating the issue.

WhatsApp has fixed a vulnerability in the app’s calling feature that allowed cybercriminals to inject spyware on people phones, a media report has said. The spyware, called Pegasus, was developed by Israeli company NSO Group that licenses its products to governments to fight terrorism and crime. According to The Financial Times, which first reported the development, the spyware could be installed on iPhones as well as on Android devices; all an attacker has to do is make a WhatsApp call to the target.

advertisements

The company says that it fixed the vulnerability on Sunday and issued a patch for customers on Monday. “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society,” the company said without naming NSO Group.

WhatsApp, an instant messaging app used by 1.5 billion people worldwide, disclosed the issue to the US Department of Justice last week, Financial Times cited a person familiar with the matter, as saying. Meanwhile, NSO said that it had carefully “vetted customers and investigated any abuse.” The company also says that it is investigating the issue. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organisation,” NSO was quoted as saying.

Pegasus is NSO’s flagship programme that can turn on a phone’s microphone and camera, and collect location data. The company has Middle Eastern and Western intelligence agencies as its customers. It is suspected that the attack was launched by a Middle Eastern country to allegedly suppress the criticism of its human rights practices. The report said that in the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones.

advertisements

As late as on May 12, there was an attempt to compromise the phone of a UK-based human rights lawyer who helped a Saudi dissident in Canada, and sue NSO in Israel. John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, said the attack had failed. “We had a strong suspicion that the person’s phone was being targeted, so we observed the suspected attack, and confirmed that it did not result in infection,” added Scott-Railton.

advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

SIM Slot in Tablets with No Voice calling feature
Nikhil Kalyan Honnoor
Aug 30, 2014
Responses 6
Aditya Malpure
Sept 1, 2014
Praveen Dsouza
Sept 1, 2014
Sahil Sahu
Sept 1, 2014
t ruth pushpalatha
Sept 1, 2014
t ruth pushpalatha
Sept 1, 2014
Vivek Bhatt
Sept 2, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements