WhatsApp Flaw Allowed Spyware to Be Injected via Voice Calls

WhatsApp users are being urged to update their apps right away due to a vulnerability that allows an attacker to install spyware just by calling a target. They don’t even have to pick up for the malicious code to be transferred. The calls may not even show up on logs.

A UK-based human rights lawyer may have been the first attempted target of the spyware, which was developed by commercial Israeli company NSO Group. Their flagship product, Pegasus, can “turn on a phone’s microphone and camera, trawl through emails and messages and collect location data.”

Some allege NSO is behind the attacks, but they have claimed otherwise. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology.”

WhatsApp said teams of engineers had worked around the clock in San Francisco and London to close the vulnerability. It began rolling out a fix to its servers on Friday last week, WhatsApp said. All users should update to the latest version of WhatsApp, which was issued on Monday, the company said.

Discussion

Recent News