- Hackers used a flaw in WhatsApp’s VoIP calling feature to infect users with spyware.
- The hack was apparently developed by an Israeli cybersecurity company.
- WhatsApp users could be infected with spyware if the attacker tried calling them.
Hackers were reportedly able to remotely install spyware on phones and devices by using a vulnerability in WhatsApp.
According to the Financial Times (h/t: BBC), the attack took aim at a select number of users. The malicious code was reportedly created by an Israeli security firm called NSO Group. Facebook is said to have told the Financial Times the attack had “all the hallmarks of a private company known to work with governments to deliver spyware.”
This isn’t the first time the NSO Group name has popped up in relation to cyber warfare and spying. In fact, it’s said that the firm’s software was used by the Saudi Arabian government to spy on murdered dissident Jamal Khashoggi.
A source told the Financial Times that it was too early to determine how many phones were targeted via this attack method. However, the outlet says a phone belonging to a UK-based human rights lawyer was recently targeted via this route. The lawyer in question reportedly helped several people sue the NSO Group in Israel.
Specific details regarding what the spyware did to devices weren’t revealed, but NSO’s most prominent product is Pegasus. The spyware is able to access a phone’s microphone and camera, while also accessing location data, emails, and other messages.
How does the attack work?
To compromise a device, attackers harnessed WhatsApp’s VoIP calling option. Attackers could install the surveillance software on victims’ devices by calling them, even if the victim took no action to answer or reject the call. Furthermore, the call wouldn’t appear in the victim’s call log, leaving no obvious trace at first glance.
Facebook confirmed the attack in a security notice, noting that it affected WhatsApp for Android prior to v2.19.134. Other affected versions include WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
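The version list above can be turned into a fleet check. This added example, which is not from the article or from WhatsApp, classifies installs against the fixed versions in the notice; the inventory rows and product labels are constructed assumptions. It compares versions numerically, since a plain string comparison ranks 2.19.51 above 2.19.134.

```python
# Added example: flag WhatsApp installs older than the fixed versions in the notice.
# Inventory rows are constructed sample data; the product/platform keys are assumed labels.

# First fixed version per product, as listed in the security notice quoted above.
FIXED = {
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp", "windows phone"): "2.18.348",
    ("whatsapp", "tizen"): "2.18.15",
}

def parse_version(text):
    """Turn '2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(app, platform, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one install."""
    fixed = FIXED.get((app.strip().lower(), platform.strip().lower()))
    if fixed is None:
        return "unknown"  # product not covered by the notice
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # needs manual review rather than a guess
    # Compare as integer tuples: as strings, "2.19.51" sorts after "2.19.134".
    return "vulnerable" if installed < parse_version(fixed) else "patched"

def triage(rows):
    """Map device id -> status for (device, app, platform, version) rows."""
    return {device: status(app, platform, version)
            for device, app, platform, version in rows}

# Constructed inventory rows, e.g. exported from a device-management tool.
SAMPLE = [
    ("dev-01", "WhatsApp", "Android", "2.19.51"),
    ("dev-02", "WhatsApp", "Android", "2.19.134"),
    ("dev-03", "WhatsApp", "iOS", "2.19.50"),
    ("dev-04", "WhatsApp Business", "Android", "v2.19.44"),
    ("dev-05", "WhatsApp", "Tizen", "2.18.15-beta"),
]

if __name__ == "__main__":
    for device, result in triage(SAMPLE).items():
        print(device, result)
```

Installs reported as `unknown` have a version string the parser cannot read or a product the notice does not list, so they need a manual check.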
Unsure if you’re using a vulnerable version of WhatsApp on Android? Well, you should update it anyway via the Google Play Store. We’ve contacted WhatsApp and the NSO Group for more details regarding the attack and will update the article accordingly.