WhatsApp vulnerability allows attackers to distribute spyware on mobile phones

WhatsApp has discovered a vulnerability in its system which allowed attackers to install spyware designed by NSO Group on people's phones, the Financial Times writes. Both iPhone and Android models were targeted, and the attackers could install the surveillance software simply by using the app’s call option. Following the call, which the victim didn’t need to pick up, the spyware would be installed on the device, and the call itself would disappear from the log.

WhatsApp has rolled out an update which should fix the issue. The company urges all users to download the latest update.

"This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems," WhatsApp said. "We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society."

At the moment, it is too early to tell how many people have fallen victim to the attacks. On Sunday, a UK-based human rights lawyer was a target of a similar attack.

NSO Group software has been developed for Middle Eastern and Western intelligence agencies to counter terrorism. NGO’s product Pegasus can be used to turn on someone’s camera and microphone, access their emails and messages, as well as access their location. Although the company admits to investigating the issue, it also claims its vetting process and client selection are taken seriously.