{getMailchimp} $title={MailChimp Form} $text={Subscribe to our mailing list to get the new updates.}

Spyware discovered targeting phones through WhatsApp calls

Spyware crafted by an "advanced cyber actor" infected multiple targeted mobile phones through the WhatsApp messaging service without any user intervention through in-app voice calls.

The malware was able to penetrate phones through missed calls alone via the application's voice calling function, the spokesperson for the Facebook subsidiary said on Monday.

An unknown number of people were infected with the malware, which the company said it discovered in early May, according to the spokesperson.

The Financial Times identified the "actor" as Israeli-based NSO Group, which makes products for Middle Eastern and Western intelligence agencies. A WhatsApp spokesperson later said "we're certainly not refuting any of the coverage you've seen".

The spokesperson did not mention NSO in a statement on the flaw but said the attack had "all the hallmarks of a private company that has been known to work with governments to deliver spyware that has the ability to take over mobile phone operating systems".

WhatsApp, which has more than 1.5 billion users, said ut contacted Citizen Lab and human rights groups, quickly fixed the issue and pushed out a patch.

The flaw was discovered while "our team was putting some additional security enhancements to our voice calls" and that engineers found that people targeted for infection "might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped".

'Scary vulnerability'

The attack targeted iPhones, as well as phones with Google's Android system, Microsoft Windows Phones and Samsung's Tizen system.

John Scott-Railton, a researcher with the internet watchdog Citizen Lab, called the hack "a very scary vulnerability".

''There's nothing a user could have done here, short of not having the app," he told the Associated Press.

Spokespeople for NSO Group did not immediately respond to an email from AP seeking comment.

NSO says its products enable government intelligence and law enforcement agencies to investigate and prevent terrorism and crime.

The revelation adds to the questions over the reach of the Israeli company's powerful spyware, which can hijack mobile phones, control their cameras and effectively turn them into pocket-sized surveillance devices.

NSO's spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.

According to a New York Times report last year, the United Arab Emirates asked the NSO to hack into the phones of the Qatari emir and a Saudi prince among other political and regional rivals. 

The spyware was also implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.

Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are currently suing NSO in an Israeli court over the hacking.

 Source: Aljazeera


No comments

Your comments and Encouragement are welcome