WhatsApp Flaw Allowed Spyware to Be Injected via Voice Calls

The FPS Review may receive a commission if you purchase something after clicking a link in this article.

WhatsApp users are being urged to update their apps right away due to a vulnerability that allows an attacker to install spyware just by calling a target. They don’t even have to pick up for the malicious code to be transferred. The calls may not even show up on logs.

A UK-based human rights lawyer may have been the first attempted target of the spyware, which was developed by commercial Israeli company NSO Group. Their flagship product, Pegasus, can “turn on a phone’s microphone and camera, trawl through emails and messages and collect location data.”

Some allege NSO is behind the attacks, but they have claimed otherwise. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology.”

WhatsApp said teams of engineers had worked around the clock in San Francisco and London to close the vulnerability. It began rolling out a fix to its servers on Friday last week, WhatsApp said. All users should update to the latest version of WhatsApp, which was issued on Monday, the company said.


Tsing Mui
Tsing has been writing the news for over 5 years, first at [H]ard|OCP and now at The FPS Review. He has a background in journalism and makes sure to give his readers the relevant context to why each news post matters.

Recent News