Tuesday, May 14, 2019

From the Telegraph

Our family and lots of our Spanish friends use WhatsApp to communicate with each other.

WhatsApp has urged users to update their messaging app after concerns were raised that hackers could inject spy software on to phones via the call function.

The Facebook-owned company said the spyware was spread by an “advanced cyber actor”, and infected multiple mobile phones using a major vulnerability in the app.

The spyware, developed by the secretive Israeli spyware company NSO Group, has the ability to give hackers full access to a phone remotely, allowing them to read messages, see contacts and activate the camera.

WhatsApp confirmed that a “select number” of users had been victims and that the bug and that the bug affects all but the latest version of the app on iOS and Android.

The attack involved cyber hackers using WhatsApp's voice calling function to ring a device. The surveillance software would then be installed, even if that call was not picked up.

The Financial Times on Monday evening reported that cyber hackers had been using the loophole up until Sunday evening, when it was used to target a UK-based human rights lawyer.

A spokesman for NSO, which is believed to sell its spyware to intelligence agencies and nation states, said that it was investigating the issue. The spokesman said NSO “would not, or could not” use its own technology to target “any person or organisation”, including the UK lawyer.

The vulnerability was also used to target a researcher at Amnesty International, which is fighting for the NSO Group to have its export license withdrawn by Israeli government.

NB If you use WhatsApp and your phone is set to automatic updates, then the app will already have been updated making you safe from this intrusion.

No comments: