WhatsApp users urged to update app after malicious spyware attack

EnlargeSanteri Viinamäki

EnlargeSanteri Viinamäki

WhatsApp did not name the private company responsible for the breach, however, it's believed that many WhatsApp users, including a London-based human rights lawyer, were impacted by the incident. As such, WhatsApp has referred the case to the U.S. Department of Justice, noting that the attack likely came from a "private company working with governments on surveillance". It went on to say that it has "briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society".

The Facebook-owned company confirmed that a "select number" of users had been victims and that the bug, which affects all but the latest version of the app on iOS and Android, was orchestrated by an "advanced cyber actor".

A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones - by simply calling them.

Human rights advocates and journalists, including the Saudi journalist Jamal Khashoggi, who was killed in October previous year, have been targeted using the malware, according to experts.

Whatsapp, which is owned by Facebook, also published an advisory to security specialists in which it described the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of STRCP packets sent to a target phone number".

"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the United Kingdom lawyer)". Israeli firm NSO is accused of being behind the exploit.

WhatsApp, one of the most popular messaging apps out there, has once again been the subject of hacking, but this time the method used involves a government-grade spyware.

WhatsApp discovered the flaw in its software in early May and quickly made the necessary changes to its infrastructure to prevent spyware from accessing user data.

"NSO would not, or could not, use its technology in its own right to target any person or organization", it continued, going on to refer to a specific case in which a human rights lawyer based in the United Kingdom was targeted by the exploit in question.

Ireland's Data Protection Commission said WhatsApp notified the regulator on Monday of a "serious security vulnerability" and that it is actively engaging with the company to check if any European Union user data has been compromised. If it shows only the option to uninstall or open, then your app has already been updated.

Latest News