Facebook has had a tough time since the Cambridge Analytica data harvesting case came to light last year. At the F8 conference this year, chief executive Mark Zuckerberg promised a “re-plumbing” job to make Facebook and its sister platforms – including WhatsApp and Instagram – more private and secure. But it looks like the company’s problems, as well as its users’, might not be ending anytime soon. In a shocking revelation, we have learned that a vulnerability in the WhatsApp messenger may have allowed hackers to install spyware on users’ smartphones to snoop on so-called end-to-end encrypted chats.
The Financial Times (paywall) reports that a vulnerability in WhatsApp’s voice calling feature allowed attackers to remotely execute code that would install spyware on any iPhone or Android smartphone. This could be accomplished even if the targets did not pick up the call. A WhatsApp spokesperson said that the security team has patched the issue but insists that users update their apps as soon as possible.
The publication alleges that although the creator of this exploit is unclear, it resembles other products by Israeli company NSO Group, which has previously been accused of providing spyware to wiretap the conversations of human rights activists and journalists. NSO Group is infamous as the creator of a powerful tool called Pegasus, which can be used by intelligence agencies worldwide to eavesdrop on suspects. It was also alleged to have helped the Saudi government track the conversations of dissidents and opponents of the autocratic regime, and the list of targets includes the slain Wall Street Journal reporter Jamal Khashoggi. The company claims that its products are sold to government agencies for fighting terrorism, and it has been facing multiple lawsuits on grounds of illegal hacking.
Earlier this month, when WhatsApp’s engineers were trying to fix the vulnerability, they came across unusual voice calling activity, which is when they recognized the gravity of the situation. This was reportedly an attack used to target a London-based human rights lawyer involved in lawsuits against NSO Group. The lawyer, whose name was not shared, was representing individuals including a bunch of activists, journalists, and dissidents whose smartphones have previously been sabotaged by NSO’s Pegasus.
Besides releasing a fix for the vulnerability on Monday, WhatsApp also alerted the U.S. Justice Department about the possibility that similar tools could be in use for targeting users in the country.
Make sure you update WhatsApp to stay safe against any attacks on your smartphone.