WhatsApp has confirmed it has been targeted by hackers with surveillance software they say resembles a spyware developed by intelligence agencies.
WhatsApp has described the attack as targeted at a “select number” of users, and said it was carried out by “an advanced cyber actor”. A fix for the vulnerability was rolled-out last Friday, and the company is urging its 1.5 billion users to update their apps as a precaution.
According to a report in the Financial Times (FT), the attack, which was first discovered last month, was developed by Israeli security firm, the NSO Group, which has been referred to as a “cyber-arms dealer” in the past.
The software worked by using the app’s call function to ring a target’s device. Even if the call was not answered, the software would be installed and, the FT reported, the record of the call would vanish from the device’s call log.
After the software was installed the attackers would be able to remotely control the victim’s phone’s microphone and camera. WhatsApp told the BBC it was first to spot the vulnerability and had shared this information with human rights groups, selected security vendors and the US department of Justice earlier this month
On Monday, the company said: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
- The Value of Data in the Digital Economy and Data Ethics
- Police Scotland to Start Using Controversial Hacking Devices
- Facebook’s Auto-Generation Tech is Creating “Memories” Videos for Terrorist Groups
Facebook, which owns WhatsApp, said: “A buffer overflow vulnerability in WhatsApp VoIP (voice over IP) stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.”
According to the FT, the attacks were focused on human rights activists – one a UK-based human rights lawyer and the other a researcher at Amnesty International who is working to have the NSO Group’s export licences withdrawn by the Israeli Government.
Danna Ingleton, deputy programme director for Amnesty Tech, said: “They’re able to infect your phone without you actually taking an action. There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry.”
Ingleton added that there was mounting evidence that the tools were being used by regimes to keep tabs on prominent activists and journalists. She said: “NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw.”
In a statement, NSO group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”