Hackers Remotely Install Spyware To Read People's WhatsApp Messages

Hackers have been able to remotely install surveillance software on devices via WhatsApp, it has been confirmed.

The company - which is owned by Facebook - said the attack was launched by an 'advanced cyber actor' and a fix was rolled out on Friday. However, the company has urged all 1.5 billion users to update their apps as a precautionary measure.

The software used in the attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

WhatsApp has encouraged all users to update their apps. Credit: PA
WhatsApp has encouraged all users to update their apps. Credit: PA

WhatsApp markets itself as a secure means of communication, as messages are end-to-end encrypted, meaning they can only be read on the sender's and the recipient's device. However, the hack meant it was possible for the attacker to read messages on a person's device.

If you're unsure whether your app has been updated, then the latest version for Apple is 2.19.51, while the latest version for Android is 2.19.134.

The attacker's modus operandi reportedly involved voice calling targets, which enabled them to install software even if the call wasn't picked up. The log of the call could also then be removed.

WhatsApp said: "The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems."

Professor Alan Woodward, from the University of Surrey, said the attack was 'pretty old-fashioned.

According to the BBC, he said: "In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area.

"In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work."

WhatsApp has been targeted by a surveillance attack. Credit: PA
WhatsApp has been targeted by a surveillance attack. Credit: PA

In a statement, the NSO - whose flagship software has the ability to collect data from a targeted device - said any allegations of misuse would be investigated.

It said: "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system."

It is thought that journalists, lawyers and activists are most likely to have been targeted by the attack.

Featured Image Credit: PA

Jake Massey

Jake Massey is a journalist at LADbible. He graduated from Newcastle University, where he learnt a bit about media and a lot about living without heating. After spending a few years in Australia and New Zealand, Jake secured a role at an obscure radio station in Norwich, inadvertently becoming a real-life Alan Partridge in the process. From there, Jake became a reporter at the Eastern Daily Press. Jake enjoys playing football, listening to music and writing about himself in the third person.

Next Up

arrow-down arrow-left arrow-right arrow-up camera clock close comment cursor email facebook-messenger facebook Instagram link new-window phone play share snapchat submit twitter vine whatsapp logoInline safari-pinned-tab Created by potrace 1.11, written by Peter Selinger 2001-2013