We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. WhatsApp had a scary flaw that was used to secretly send spyware to smartphones simply by calling the victim up. On Monday, the Facebook-owned messaging service disclosed the vulnerability, which affects both iOS and Android, after it was used to attack a number of victims, a WhatsApp spokesperson told PCMag. "WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date," the spokesperson said in an email. According to WhatsApp, the attacks have all the hallmarks of a private company that works with governments to deliver spyware to mobile phones. Although it refrained from naming the company, WhatsApp is probably referring to NSO Group, an Israel technology firm notorious for developing a spyware program known as Pegasus that's targeted human rights activists, politicians and journalists. The WhatsApp vulnerability allegedly allowed NSO Group to send spyware to the victims even when they had not answered a voice call over the app, according to The Financial Times, which was first to report the news. The vulnerability deals with the voice over IP (VoIP) function on WhatsApp, which can enable internet-based voice calls. A bug in the VoIP function could let the attacker send specially-crafted data packets to essentially rewrite the app's memory, paving the way for remote code execution. WhatsApp told PCMag it had identified the vulnerability earlier this month and promptly fixed it with patches that can be downloaded over both the iOS and Android versions of the app. The chat service has also changed its IT infrastructure to prevent the attack from ever taking place. It isn't clear how many victims were targeted. But it may have been used to attack a UK-based human rights lawyer this past Sunday, according to Citizen Lab, a watchdog group at the University of Toronto, which has been investigating NSO Group's activities. The vulnerability is found in WhatsApp for Android prior to version v2.19.134 and WhatsApp for iOS prior to v2.19.51. The WhatsApp Business apps and Windows Phone and Tizen versions are also affected. You can find out more here. In a statement, NSO Group defended its technologies, saying they're designed for the purposes of helping governments fight crime and terrorism. "The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," NSO Group said. "We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," the company added.
Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.
We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. WhatsApp had a scary flaw that was used to secretly send spyware to smartphones simply by calling the victim up. On Monday, the Facebook-owned messaging service disclosed the vulnerability, which affects both iOS and Android, after it was used to attack a number of victims, a WhatsApp spokesperson told PCMag. "WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date," the spokesperson said in an email. According to WhatsApp, the attacks have all the hallmarks of a private company that works with governments to deliver spyware to mobile phones. Although it refrained from naming the company, WhatsApp is probably referring to NSO Group, an Israel technology firm notorious for developing a spyware program known as Pegasus that's targeted human rights activists, politicians and journalists. The WhatsApp vulnerability allegedly allowed NSO Group to send spyware to the victims even when they had not answered a voice call over the app, according to The Financial Times, which was first to report the news. The vulnerability deals with the voice over IP (VoIP) function on WhatsApp, which can enable internet-based voice calls. A bug in the VoIP function could let the attacker send specially-crafted data packets to essentially rewrite the app's memory, paving the way for remote code execution. WhatsApp told PCMag it had identified the vulnerability earlier this month and promptly fixed it with patches that can be downloaded over both the iOS and Android versions of the app. The chat service has also changed its IT infrastructure to prevent the attack from ever taking place. It isn't clear how many victims were targeted. But it may have been used to attack a UK-based human rights lawyer this past Sunday, according to Citizen Lab, a watchdog group at the University of Toronto, which has been investigating NSO Group's activities. The vulnerability is found in WhatsApp for Android prior to version v2.19.134 and WhatsApp for iOS prior to v2.19.51. The WhatsApp Business apps and Windows Phone and Tizen versions are also affected. You can find out more here. In a statement, NSO Group defended its technologies, saying they're designed for the purposes of helping governments fight crime and terrorism. "The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," NSO Group said. "We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," the company added.