Published: Wed, May 15, 2019

Security warning after WhatsApp flaw lets hackers infiltrate phones

Security warning after WhatsApp flaw lets hackers infiltrate phones

According to WhatsApp, the vulnerability was discovered in early May, and it took ten days to make necessary alterations to the application to disable this attack.

Once installed, the Pegasus spyware, allegedly developed by Israel's secretive NSO group, can turn on the phone's camera and microphone, look at emails and messages and collect information about the user's location data.

"WhatsApp have today announced a vulnerability that could have allowed users' phones to be compromised", an NCSC spokesman said.

It's unclear how many Android and iOS devices were affected by the vulnerability, but as you can imagine, anyone with access to the spyware could hack any WhatsApp user.

Hackers discovered a flaw in WhatsApp's software that allowed the installation of spyware on cellphones through voice calls, the company admitted to the Financial Times on Monday.

WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor", according to the BBC.

However, NSO disputed the claims, saying: "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies". We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.


"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies", the company said.

The flaw has since been fixed and the company delivered a server-side fix on May 10th and its engineers worked through Sunday to release the patched versions of its app on May 13th. NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual.

The human rights group Amnesty International wants to stop the company from operating.

The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates.

WhatsApp update: How do I update Whatsapp on iPhone and Android?

Pegasus spyware has already been deployed to hack journalists, lawyers, and other dissidents.

Apart from rolling out app updates to patch the exploit, WhatsApp also made changes to its infrastructure to ensure the attack could not be carried out.

Like this: