WhatsApp rolls out security fix amid spyware fears

WhatsApp has rushed to roll out a security fix after concerns were raised hackers could inject surveillance software on to phones via the call function.

The app discovered a vulnerability that allowed attackers to install malicious code on iPhones and Android phones by ringing up a target device.

The code could be transmitted even if users did not answer their phones and a log of the call often disappeared, the Financial Times reported.

This attack has all the hallmarks of a private company known to work with governments to deliver spyware

The company, which is owned by Facebook, said the attack bore a resemblance to spyware developed for intelligence agencies.

There are concerns that the software was used in attempts to access the phones of human rights campaigners, including a UK-based lawyer.

“We believe a select number of users were targeted through this vulnerability by an advanced cyber actor,” WhatsApp told the FT.

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”

The firm is said to have alerted officials at the US Department of Justice after discovering the vulnerability in early May.

WhatsApp claims to have 1.5 billion users around the world and it released a software update on Monday.

According to the Financial Times, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.

The company told the paper: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.

“NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer).”

The vulnerability and suspected attacks have been investigated by Citizen Lab, a research group at the University of Toronto.

“We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer,” the lab said.

On Monday, Amnesty International said it was backing legal action against the Israeli Ministry of Defence demanding that it revokes NSO Group’s export licence.

Danna Ingleton, deputy director of Amnesty Tech, said: “NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics.”

- Press Association

More on this topic

Schools to get almost 800 more SNAs in September

‘Urgent’ need to change redress scheme

The best right-hand man in Irish business

Watch for dragonfly survey

More in this Section

Lightweight Canon a real heavy hitter

World’s top tech firms sharpen their focus on sustainability

Female-voiced AI assistants reinforce gender bias – UN study

Driverless cars can work together to keep traffic moving, research finds


Lifestyle

Mystery of Barbary ape at Eamhain Mhacha

Watch for dragonfly survey

Put-upon ravens harangued by the noisy neighbours

Runner of the Week: Kevin Betts - 'It’s always great to get back to Cork'

More From The Irish Examiner