“After it is installed, the spyware will be able to turn on the affected phone’s camera and microphone as well as scan emails and messages“
WhatsApp has discovered a vulnerability that allowed spyware to be installed on user’s smartphones via the app’s audio call function in early May. The spyware was allegedly developed by the Israeli cyber intelligence company NSO Group’s Pegasus, as reported by The Financial Times. The spyware has leveraged a bug in the audio calling feature of the app and allowed the installation of spyware on the device that is being called, regardless of the call being answered or not. However, WhatsApp has fixed the vulnerability and urged users to update the app.
The Facebook-owned app in a statement said, “WhatsApp encourages people to upgrade to the latest version of our app as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
After it is installed, the spyware will be able to turn on the affected phone’s camera and microphone as well as scan emails and messages. It can also collect users’ location data without their consent. However, WhatsApp says that a relatively small number of users were targeted, and once it was alerted about the issue, the company claims that it took less than ten days to reflect changes to its system. Post this, an update was sent out to the users, further securing it against the spyware vulnerability.
As for the Israel-based NSO Group, who works for the government, reportedly inflected targets and gained access to various aspects of devices. WhatsApp, regarding NSO, remarked, “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.” On the other hand, NSO claims that it limits its Pegasus spyware to state intelligence agencies and wouldn’t use its technology to target any person or organisation. WhatsApp also said that it informed the Department of Justice and “several human rights organisations” of the issue.