San Francisco, United States / A vulnerability in WhatsApp allowed hackers to install spyware on some targeted phones and access data from those devices, the popular messaging app said on Monday.
The chink in the encrypted messaging service has been fixed now, but an unknown number of users have been affected, according to the app owned by Facebook.
“Earlier this month, WhatsApp identified and immediately fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices,” Whatsapp confirmed in a press release.
The loophole in the messaging app was first published exclusively by the Financial Times. The messaging app urged all its 1.5 billion users worldwide to update the application to its latest version as a precaution and “keep their mobile OS updated, to receive the latest security protections”. The spyware was capable of infecting phones with Apple (iOS) or Google (Android) operating system.
WhatsApp, which was acquired by Facebook in 2014, said that, so far, it cannot specify how many people were affected. “A select number of users were targeted through this vulnerability” and thus would not imply a large scale attack, it said.
Suspicions about the origin of spyware
The spyware that was remotely installed on the targeted phones resembles the technology developed by the Israeli cybersecurity company NSO Group, which has led WhatsApp to look at it as the main suspect behind the breach.
The vulnerability in the system, which the company fixed with a software patch on Monday, was detected only a few days ago. It is, however, unknown how long the spying activities had gone on for.
The hackers made calls through WhatsApp to the phone whose data they wanted to access and even if the person did not respond to the call, a spyware could be installed on these devices.
In many cases, the call disappeared from the log of the device, and so if the person had not seen the incoming call at the time they would not suspect anything.
WhatsApp also reported that “we have briefed a number of human rights organizations (that were among the victims of the hack) to share the information” with cybersecurity companies and as well as with the US Department of Justice.
That some of the organizations affected were human rights platforms, reinforced the hypothesis of the involvement of NSO Group, since its software has been used in the past to carry out attacks against such entities.
NSO Group, which operates in an opaque manner and has been shrouded in secrecy for years, designs spyware for its customers, including governments around the world, who use it to access mobile devices for surveillance. (May 14, 2019, EFE/Practica Español)
Noticia relacionada (2014)
Lee la noticia y responde a las preguntas (Read the news and answer the questions)
La venta de WhatsApp.
La instalación de softwares espía en el WhatsApp de algunos móviles.
La nueva actualización de WhatsApp.
Todos los usuarios de la aplicación.
Algunas personas seleccionadas.
Porque se parece a la tecnología desarrollada por esta empresa.
Porque son sus rivales en el mercado.
Porque han dejado huellas informáticas.
Realizando una llamada al teléfono a través de WhatsApp.
Mandando un mensaje al teléfono a través de WhatsApp.
Mandando una imagen al teléfono a través de WhatsApp.
Fundador de Facebook.
Fundador de NSO Group.
Fundador de WhatsApp.
Un fallo en el sistema que pone en riesgo la seguridad de la información.
Una lesión física.
Una debilidad humana.