WhatsApp discovers ‘targeted’ surveillance attack
May 14, 2019 07:29 pm
Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.
WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users and was orchestrated by “an advanced cyber-actor”.
A fix was rolled out on Friday.
On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.
The surveillance software involved was developed by Israeli firm NSO Group, according to a report in the Financial Times.
Facebook first discovered the flaw in WhatsApp earlier in May.
WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.
However, the surveillance software would have let an attacker read the messages on the target’s device.
Some users of the app have questioned why the app store notes associated with the latest update are not explicit about the fix.
“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.