WhatsApp suffers 'targeted' surveillance attack
A fix is already rolled out, with the company urging all of its 1.5 billion users to update their apps as an added precaution
Europost
Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp. According to a statement by the company, which is owned by Facebook, the attack targeted a "select number" of users, mostly human rights attorneys, and was orchestrated by "an advanced cyber-actor," which the Financial Times identified as Israel's NSO Group.
According to the media report, the hackers, hired by the Israeli cyber intelligence firm, delivered malicious code to users’ handsets using an exploit in the voice-call feature on WhatsApp, accessing all the decrypted data. The code could be deployed regardless of whether the recipient answered the call, and it seems to have targeted journalists and human rights activists, including one from the UK.
What they were hit by is reportedly NSO’s core product, Pegasus, which is essentially spyware that can scrape email and text messages, track calls, access a device’s location, and activate the phone’s microphone and camera. It’s worth noting that although WhatsApp was used in this instance to distribute Pegasus, WhatsApp messages - which are encrypted - are not thought to have been impacted.
The revelation, however, adds to the questions over the reach of the Israeli company's powerful spyware, which takes advantage of digital flaws to hijack smartphones, control their cameras and effectively turn them into pocket-sized surveillance devices. The claims, nevertheless, raise serious problems for WhatsApp’s reputation, which has been built on the privacy and security of the end-to-end encryption in its very popular texting and voice calling application.
End-to-end encryption means data sent via WhatsApp is scrambled in transit, and only understandable by the party sending it and the party receiving it — whether the data is in the form of texts, pictures or voice conversations. It’s a major selling point for the application. This has made it a popular choice for people wishing to communicate “out of band” — off regular, unencrypted or corporate communications channels — about all manner of personal information, including everything from legal and business matters to personal or political problems.