Hackers have exploited a vulnerability in WhatsApp to inject powerful spyware developed by an Israeli-based cyber intelligence firm into iPhone and Android phones, according to a report by the Financial Times on Monday evening.
The encrypted messaging app, which is owned by Facebook Inc (NASDAQ: FB), said it discovered early this month that “an advanced cyber actor” installed surveillance software developed by Israel’s NSO Group on to unknown number of phones. WhatsApp disclosed that the attackers transferred the spyware by calling up targets using the phone call function available on the app.
Security researchers said the spyware can give hackers full control to a phone remotely, thus allowing them to activate the camera, read messages, and view contacts. WhatsApp warned that the spyware affects all expect the newest version of the messaging app on Android and iOS.
NSO Group is currently facing lawsuits for providing software to spy on journalists and human-rights activists. The WhatsApp malware was used to target a lawyer based in London who is involved in lawsuits accusing the cyber intelligence company of providing tools to target a group of Mexican activists and journalists, a Qatari citizen, and a Saudi dissident called Omar Abdulaziz who is currently living in Canada.
NSO denies it would use its technology to spy on companies or individuals. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said. “NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual [the UK lawyer].”
Meanwhile, WhatsApp has urged its 1.5 billion users to update their mobile operating systems to protect against targeted exploits that could compromise personal data stored on phones. The company released an update yesterday to resolve the issue, and is requesting users to update the app immediately out of an abundance of caution.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in statement.
Shares of Facebook were trading 0.69% lower to $180.28 as of 10:26 a.m. ET on Tuesday.