WhatsApp admitted a major cybersecurity breach that has enabled targeted spyware to be installed on phones through voice calls. The security vulnerability affects both iPhone and Android devices, with malicious code (allegedly) from Israel's NSO Group, transmitted whether or not a user answers an infected call.
The spyware was developed by the Israeli cyber intelligence company NSO Group which first reported the vulnerability.
Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.
WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure. An update to the App was published on Monday, and the company is encouraging users to upgrade out of an abundance of caution.
Meanwhile, the company has also alerted US law enforcement to the exploit, and published a “CVE notice”, an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures”.
WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.
Giving out a statement, the company advised:
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices".
WhatsApp has about 1.5 bn users around the world. Facebook has suffered a multitude of security and privacy breaches in the last year, but this news that a government-grade intelligence collection application had targeted the company's WhatsApp application is different. WhatsApp is Facebook's flagship messaging application and is lauded for its end-to-end encryption, both for messaging and voice calls. As a result, it has become a standard communications platform for government and security officials in many countries around the world.
(With inputs from agencies)