WhatsApp unveiled that they discovered a vulnerability that could allow hackers to put a malicious code on the phone of a user who uses calls through the application.
“We believe a cyber-hacker attacked a select number of users through this vulnerability. The attack has all the characteristics of a private company that, reportedly, works with governments to deliver spyware that assumes the functions of mobile phone operating systems, “a spokesman for WhatsApp said in a statement.
Facebook’s subsidiary said they have already corrected such vulberabilidad, but they also call on users to perform the application update, as a precaution.
“We are deeply concerned about the abuse of such capabilities. We have informed a number of human rights organizations to share the information we can and work with them to notify civil society, “said the spokesman.
The vulnerability discovered in the messaging application is being exploited to inject commercial spyware into Android phones and iOS by simply calling the target.
The spy software, developed by the secret group of the OSN of Israel, can be installed without a trace and without the objective attending the call, according to security investigators and confirmed by WhatsApp.
Once installed, spyware can turn on a phone’s camera and microphone, scan emails and messages, and collect user location data. That is why they have urged their 1.5 trillion global users to update the application immediately to close the security hole.
The vulnerability exists in the following versions of WhatsApp:
- WhatsApp for Android before v 2.19.134
- WhatsApp Business for Android before v 2.19.44
- WhatsApp for iOS before v 2.19.51
- WhatsApp Business for iOS before v 2.19.51
- WhatsApp for Windows Phone before v 2.18.348
- WhatsApp for Tizen before v 2.18.15
The vulnerability discovered in early May was recently attacked on Sunday, when a UK-based human rights lawyer was attacked by the OSN star Pegasus program, according to researchers from the Citizens ‘ laboratory. The attack was blocked by WhatsApp.
“This attack has all the features of a private company that is known to work with Governments to deliver spyware that supposedly assumes the functions of mobile phone operating systems,” said WhatsApp.
Who’s behind the program?
The NSO Group is an Israeli company that has been pointed out in the past of being a cyber-weapons trafficker. While some cyber security companies report on the failures they find to be solved, others will save the problems so that they can be exploited or sold to security agencies.