WhatsApp patches security flaw that allows attackers to deliver malware through calls
By HAMZA SHABAN, LOVEDAY MORRIS AND JENNIFER HASSAN | The Washington Post | Published: May 14, 2019
WhatsApp is urging its 1.5 billion users to update their app after the company detected sophisticated hacking attempts that may have targeted human rights activists.
The Facebook subsidiary said "an advanced cyber actor" exploited a security flaw and installed the malware by reaching targets on their mobile phones through WhatsApp's call function, giving hackers access to private messages, location data and other information. The company said it detected the pattern of abnormal phone calls earlier this month and updated its servers on Friday. It issued new versions of its iPhone and Android apps on Monday.
"We believe a select number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems."
WhatsApp did not identify the company. But the Financial Times, which first reported on the vulnerability, said the spyware was developed by Israel's NSO Group, whose software is known to have been used against human rights activists. NSO denied any involvement.
"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," the company said in a statement Tuesday. "NSO would not or could not use its technology in its own right to target any person or organization, including this individual."
WhatsApp said it has briefed several human rights groups to share information about the attack and to help them alert activists who may have been targeted by the spyware. WhatsApp has also notified the U.S. Department of Justice.
A London-based lawyer, who declined to be named due to the sensitivity, said he'd received several suspicious video WhatsApp calls beginning in March that would ring for a few seconds before cutting out. He said he reported the suspicious content to CitizenLab who worked with WhatsApp to determine the source of the activity. Citizenlab and WhatsApp confirmed that it was a way of delivering Pegasus spyware with "zero click," he said. He added that the calls were from +46 and +35 dialing codes and added that the last attempt was two days ago.
As news of the platform hack began to spread worldwide, WhatsApp encouraged its 1.5 billion users to update to the latest version of the app in order to protect their privacy. The latest version is thought to better protect users against hacking.
But not all users were familiar with how to update the app, leading to a spike in people frantically googling "How to update WhatsApp?" Around the world people also searched for more information about the breach, although it is not yet known how many people were targeted by the hackers.