The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.
Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.
WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure. An update to the app was published Monday, and the company is encouraging users to upgrade out of an abundance of caution.
The company has also alerted US law enforcement to the exploit, and published a “CVE notice”, an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures”.
The vulnerability was used in an attempted attack on the phone of a UK-based attorney on 12 May, the FT reported. The lawyer, who was not identified by name, is involved in a lawsuit against NSO brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”
NSO Group did not immediately respond to the Guardian’s request for a comment. The company told the FT that it was investigating the WhatsApp attacks.
WhatsApp has about 1.5bn users around the world. The messaging app uses end-to-end encryption, making it popular and secure for activists and dissidents. The Pegasus spyware does not affect or involve the app’s encryption.
from the guardian.com
O.k.Na.lemme upgrade.
ReplyDeleteMe.. I don port go telegram..
ReplyDeleteHow will I upgrade?
ReplyDeleteOriegwu really
ReplyDeleteImagine. 1.5b people will visit playstore soon.
ReplyDeleteBut what if when we upgrade, that’s when it even becomes vulnerable to the spy ware ๐ค don’t blame me, it’s too much of thriller, suspense and mystery American series that’s worrying me ๐๐
ReplyDeleteI feel the same way.
DeleteI don't trust them both; the Attacker and whatsapp๐๐.
Will do that later when I have enough memory on my phone.
ReplyDeleteAbeg, why are people following me on Instagram when I'm not active, I have not posted a single pic or update, but I keep receiving notifications, I always get confused anytime I log in.
Me too o
DeleteMe too!! I just opened an account on Friday. I have no pictures or updates and I woke up to 15 followers the next day.
Delete..the end to end encryption is a big scam
ReplyDelete