Spyware discovered targeting phones through WhatsApp calls
Spyware crafted by an "advanced cyber actor" infected multiple targeted mobile phones through the WhatsApp messaging service without any user intervention through in-app voice calls.
The malware was able to penetrate phones through missed calls alone via the application's voice calling function, the spokesperson for the Facebook subsidiary said on Monday.
An unknown number of people were infected with the malware, which the company said it discovered in early May, according to the spokesperson.
The Financial Times identified the "actor" as Israel-based NSO Group, which makes products for Middle Eastern and Western intelligence agencies. A WhatsApp spokesperson later said "we're certainly not refuting any of the coverage you've seen".
The spokesperson did not mention NSO in a statement on the flaw but said the attack had "all the hallmarks of a private company that has been known to work with governments to deliver spyware that has the ability to take over mobile phone operating systems".
WhatsApp, which has more than 1.5 billion users, said it contacted Citizen Lab and human rights groups, quickly fixed the issue and pushed out a patch.
The flaw was discovered while "our team was putting some additional security enhancements to our voice calls", and engineers found that people targeted for infection "might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped".
'Scary vulnerability'
The attack targeted iPhones, as well as phones with Google's Android system, Microsoft Windows Phones and Samsung's Tizen system.
John Scott-Railton, a researcher with the internet watchdog Citizen Lab, called the hack "a very scary vulnerability".
"There's nothing a user could have done here, short of not having the app," he told the Associated Press.
Spokespeople for NSO Group did not immediately respond to an email from AP seeking comment.
NSO says its products enable government intelligence and law enforcement agencies to investigate and prevent terrorism and crime.
The revelation adds to the questions over the reach of the Israeli company's powerful spyware, which can hijack mobile phones, control their cameras and effectively turn them into pocket-sized surveillance devices.
NSO's spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.
According to a New York Times report last year, the United Arab Emirates asked NSO to hack into the phones of the Qatari emir and a Saudi prince, among other political and regional rivals.
The spyware was also implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are currently suing NSO in an Israeli court over the hacking.
Source: Aljazeera