WhatsApp tells users to update app after finding flaw that allows commercial-grade spying

Security researchers found spyware designed to take advantage of a WhatsApp flaw that bore characteristics of technology from Israeli company, the NSO Group. PHOTO: AFP
Yip Wai Yee
Taiwan Correspondent
Updated
May 17, 2019, 02:51 PM
Published
May 14, 2019, 10:40 AM

SINGAPORE - A flaw on popular messaging app WhatsApp has allowed hackers to remotely install surveillance software on phones via its voice call function, potentially affecting all of its 1.5 billion users worldwide.

In a statement on Monday (May 13), Facebook-owned WhatsApp urged all users to update to the latest version of the app that contains the patch by going to the Google Play Store or Apple App Store.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," the statement said.

The tech giant believes that the flaw affected only a "select number" of targeted users as the spyware that was detected as having been installed was commercial-grade and typically sold to nation-states.

The spyware in question is Israel-based NSO Group's Pegasus, typically licensed to government agencies.

Hackers could use the security flaw to insert spyware and steal data from an Android phone or an iPhone by placing a WhatsApp call - even if the call is not picked up.

The New York Times reported that the spyware was used to break into the phone of a London lawyer that had been involved in lawsuits accusing NSO Group of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists.

WhatsApp said it took less than 10 days after discovering the flaw in early May to make the required changes to its infrastructure. A WhatsApp app update went out last Friday (May 10) to correct the flaw.

WhatsApp engineers who examined the vulnerability concluded that the spyware in question is similar to other tools from the NSO Group.

More On This Topic
WhatsApp bug lets users bypass new privacy controls
WhatsApp lets paedophiles and gangsters operate beyond the law, says Britain

In response, NSO Group reportedly said its technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

NSO also said it does not operate Pegasus, and that intelligence and law enforcement agencies determine how to use the technology to support their public safety missions.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system," according to NSO Group.

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top