WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.
The spyware was developed by the Israeli cyberintelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.
Attackers could transmit the malicious code to a target’s device by calling the user, whether or not the recipient answered the call.
Logs of the incoming calls were often erased, the report said.
WhatsApp said that the vulnerability was discovered this month and that the company quickly addressed the problem within its own infrastructure.
An update to the app was released on Monday and the company is encouraging users to upgrade out of an abundance of caution.
The company has also alerted US law enforcement to the exploit and published a “CVE notice,” an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures.”
The vulnerability was used in an attempted attack on the smartphone of a UK-based attorney on Sunday, the Financial Times reported.
The lawyer, who was not identified by name, is involved in a lawsuit against NSO Group brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement.
“We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society,” it said.
NSO Group told the Financial Times that it was investigating the WhatsApp attacks.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO Group told the newspaper.
“NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual,” it said.
NSO Group limits sales of its spyware, Pegasus, to state intelligence agencies.
The spyware’s capabilities are near absolute.
Once installed on a smartphone, the software can extract all of the data that is already on the device (text messages, contacts, GPS location, e-mail, browser history, etc) in addition to creating new data by using the phone’s microphone and camera to record the user’s surroundings and ambient sounds, a 2016 report by the New York Times said.
WhatsApp has about 1.5 billion users worldwide.
HONG KONG SECURITY: The president blasted regulations requiring Taiwanese agents or political organizations to provide information on their Hong Kong-related activities President Tsai Ing-wen (蔡英文) yesterday warned of countermeasures should controversial Chinese national security legislation imposed on Hong Kong undermine or harm Taiwanese interests. Article 43 of the legislation empowers the Hong Kong Special Administrative Region to serve written notices to Taiwanese political organizations or individual agents to furnish information on their Hong Kong-related activities, including their personal particulars, finances, assets, expenditure and capital in the territory. Failure to comply or providing false or incomplete information can result in a fine of HK$100,000 (US$12,903) or imprisonment of six months or two years respectively. Tsai said that Taiwan would keep a close watch on how
FORCED LABOR: Customs officials have seized a 11.8 tonne shipment of products made from human hair on suspicion they were produced by people facing human rights abuses Federal authorities in New York City on Wednesday seized a shipment of weaves and other beauty accessories suspected to be made out of human hair taken from people locked inside a Chinese internment camp. US Customs and Border Protection (CPB) officials said that 11.8 tonnes of hair products worth an estimated US$800,000 were in the shipment. “The production of these goods constitutes a very serious human rights violation, and the detention order is intended to send a clear and direct message to all entities seeking to do business with the United States that illicit and inhumane practices will not be tolerated in
JUST QUESTIONS: Expelled reporter Ai Kezhu said that every member of Southeast Television had complied with the law and had not appeared on any talk shows Two Chinese reporters yesterday left Taiwan after the government revoked their accreditation and ordered them to leave amid a probe into allegations that several Chinese media outlets have set up studios and produced political talk shows in Taiwan. The two reporters — Ai Kezhu (艾珂竹) and Lu Qiang (盧薔) — worked for Fujian Province-based Southeast Television and arrived in Taiwan in December last year. The Mainland Affairs Council has launched an investigation after local media reported that Chinese broadcasters — including China Central Television, Southeast Television and FJTV — had set up studios in Taipei and produced political talk shows. Council Deputy Minister
PROBE LAUNCHED: An officer who served as a supervisor in the drill died in an apparent suicide after the accident, which was caused by unexpected waves Two marines who were on Friday injured in a military exercise in the waters off Kaohsiung passed away yesterday, Navy Command said. The marines — surnamed Tsai (蔡), 26, and a sergeant surnamed Chen (陳), 36 — were in a seven-member Marine Corps team that encountered rough seas during a simulated response to enemy forces landing on Taiwan. Their rubber craft overturned in waters off Taoziyuan (桃子園) beach in Zuoying District (左營), injuring four of the marines. They were rushed to hospital, where three of them — Tsai, Chen and a 34-year-old sergeant — were taken to an intensive care unit