WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.
The spyware was developed by the Israeli cyberintelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.
Attackers could transmit the malicious code to a target’s device by calling the user, whether or not the recipient answered the call.
Photo: AFP
Logs of the incoming calls were often erased, the report said.
WhatsApp said that the vulnerability was discovered this month and that the company quickly addressed the problem within its own infrastructure.
An update to the app was released on Monday and the company is encouraging users to upgrade out of an abundance of caution.
The company has also alerted US law enforcement to the exploit and published a “CVE notice,” an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures.”
The vulnerability was used in an attempted attack on the smartphone of a UK-based attorney on Sunday, the Financial Times reported.
The lawyer, who was not identified by name, is involved in a lawsuit against NSO Group brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement.
“We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society,” it said.
NSO Group told the Financial Times that it was investigating the WhatsApp attacks.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO Group told the newspaper.
“NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual,” it said.
NSO Group limits sales of its spyware, Pegasus, to state intelligence agencies.
The spyware’s capabilities are near absolute.
Once installed on a smartphone, the software can extract all of the data that is already on the device (text messages, contacts, GPS location, e-mail, browser history, etc) in addition to creating new data by using the phone’s microphone and camera to record the user’s surroundings and ambient sounds, a 2016 report by the New York Times said.
WhatsApp has about 1.5 billion users worldwide.
RETHINK? The defense ministry and Navy Command Headquarters could take over the indigenous submarine project and change its production timeline, a source said Admiral Huang Shu-kuang’s (黃曙光) resignation as head of the Indigenous Submarine Program and as a member of the National Security Council could affect the production of submarines, a source said yesterday. Huang in a statement last night said he had decided to resign due to national security concerns while expressing the hope that it would put a stop to political wrangling that only undermines the advancement of the nation’s defense capabilities. Taiwan People’s Party Legislator Vivian Huang (黃珊珊) yesterday said that the admiral, her older brother, felt it was time for him to step down and that he had completed what he
Taiwan has experienced its most significant improvement in the QS World University Rankings by Subject, data provided on Sunday by international higher education analyst Quacquarelli Symonds (QS) showed. Compared with last year’s edition of the rankings, which measure academic excellence and influence, Taiwanese universities made great improvements in the H Index metric, which evaluates research productivity and its impact, with a notable 30 percent increase overall, QS said. Taiwanese universities also made notable progress in the Citations per Paper metric, which measures the impact of research, achieving a 13 percent increase. Taiwanese universities gained 10 percent in Academic Reputation, but declined 18 percent
UNDER DISCUSSION: The combatant command would integrate fast attack boat and anti-ship missile groups to defend waters closest to the coastline, a source said The military could establish a new combatant command as early as 2026, which would be tasked with defending Taiwan’s territorial waters 24 nautical miles (44.4km) from the nation’s coastline, a source familiar with the matter said yesterday. The new command, which would fall under the Naval Command Headquarters, would be led by a vice admiral and integrate existing fast attack boat and anti-ship missile groups, along with the Naval Maritime Surveillance and Reconnaissance Command, said the source, who asked to remain anonymous. It could be launched by 2026, but details are being discussed and no final timetable has been announced, the source
SHOT IN THE ARM: The new system can be integrated with Avenger and Stinger missiles to bolster regional air defense capabilities, a defense ministry report said Domestically developed Land Sword II (陸射劍二) missiles were successfully launched and hit target drones during a live-fire exercise at the Jiupeng Military Base in Pingtung County yesterday. The missiles, developed by the Chungshan Institute of Science and Technology (CSIST), were originally scheduled to launch on Tuesday last week, after the Tomb Sweeping Day holiday long weekend, but were postponed to yesterday due to weather conditions. Local residents and military enthusiasts gathered outside the base to watch the missile tests, with the first one launching at 9:10am. The Land Sword II system, which is derived from the Sky Sword II (天劍二) series, was turned