WhatsApp call hack installs spyware on users’ phones

iPhones and Android devices are vulnerable to security flaw – WhatsApp recommends immediate app update

A vulnerability has been discovered in WhatsApp that allows hackers to covertly install spyware on users' phones and track their communications and even location.

The exploit, which was first reported by The Financial Times, affects both iOS and Android devices and was discovered by WhatsApp earlier this month.

The malware is delivered through a voice call on the app that doesn't even require the user to answer in order for it to be installed, According to a "spyware dealer" who spoke to the FT and WhatsApp. The spyware dealer also claimed that the attacker was then able to delete call logs, so the user may have no idea they were targeted.

It's alleged that the malicious code was developed by NSO Group, a secretive firm based in Israel that's known primarily for developing spyware under the codename Pegasus, which was discovered by the University of Toronto's Citizen Lab and cyber security firm Lookout in 2016.

Pegasus, which is sold to third parties such as government agencies, can turn on a phone's microphone and camera, and collect information from emails and messages as well as picking up location data.

As in 2016, this latest attack seems to have been used primarily to target those working in the field of human rights, with the FT reporting that a UK-based human rights lawyer was targeted on Sunday 12 May.

IT Pro contacted NSO Group for comment, but hadn't received a response at the time of publication. However, the organisation told the FT: "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.

"NSO would not, or could not, use its technology in its own right to target any person or organisation."

Independent security researcher Graham Cluley told IT Pro it's not surprising that a vulnerability like this had been found and exploited in WhatsApp.

"Any complicated piece of software is going to have bugs. Such a widely-used piece of software like WhatsApp is going to have many more determined parties looking closely at it for vulnerabilities and exploits than something that few people use," he said

He also said it's unsurprising that a specific victim profile had been targeted by whoever has deployed the malware, rather than used to capture data on all or most users.

"Attacks like this aren't typically used against a large number of individuals, but a small, targeted group of victims that are of high value to intelligence agencies and governments," he said.

It's currently not known how long the vulnerability has been in place, however, the company issued a patch for its mobile apps yesterday and is urging all users to upgrade to the latest version as soon as possible. It has also taken steps to deny attackers the ability to use this exploit at an infrastructure level.

In a statement issued to IT Pro, a WhatsApp spokesman said: "WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices. We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users."

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021
Bahrain targets activists with NSO's Pegasus spyware
spyware

Bahrain targets activists with NSO's Pegasus spyware

24 Aug 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021