Hackers attack WhatsApp, install surveillance software on phones by manipulating vulnerable area in messaging app
WhatsApp has come under attack from hackers who have remotely installed a surveillance software on targeted phones and other devices by manipulating a vulnerable area in the messaging app, the company has said. The criminals, whom it described as advanced cyber actor, targeted only a select group of users, the Facebook-owned messaging app said after the breach came to light following media reports. Meanwhile, to counter the attack, WhatsApp has rolled out a new security feature last Friday, and urged all its users to update the app. The attack reportedly took place early this month.
According to a report in The Financial Times, even if a user doesn’t pick the call, the software would automatically get installed, while any record of the call would disappear from the device. WhatsApp said hackers have manipulated a flaw in the voice-calling function to zero-in on a target’s device. At a press conference on Monday, it revealed that the attack had all the hallmark of a company that works with governments to supply a spyware which can remotely take over a phone’s operating function. Describing the flaw in the app, a company official said that the app’s VOIP stack was compromised to allow a remote-code execution for hacking a device. FT further said that only an Israeli company called the NSO Group has a software called Pegasus that can remotely capture data from a phone, micro-phone or camera.
The Israeli firm, however, rejected the allegations that its software has been misused. In a statement, the company said that its technology is licensed to authorized government agencies only to fight crime and terror after a rigorous licensing and vetting process, and it does not operate the system. It further said that any credible allegations of misuse will be thoroughly investigated and take appropriate action, including shutting down the system. It said that under no circumstance NSO would operate the system, which is only by intelligence and law enforcement agencies.