Hackers Remotely Install Spyware To Read People's WhatsApp Messages
| Last updated
Hackers have been able to remotely install surveillance software on devices via WhatsApp, it has been confirmed.
The company - which is owned by Facebook - said the attack was launched by an 'advanced cyber actor' and a fix was rolled out on Friday. However, the company has urged all 1.5 billion users to update their apps as a precautionary measure.
The software used in the attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.
WhatsApp markets itself as a secure means of communication, as messages are end-to-end encrypted, meaning they can only be read on the sender's and the recipient's device. However, the hack meant it was possible for the attacker to read messages on a person's device.
If you're unsure whether your app has been updated, then the latest version for Apple is 2.19.51, while the latest version for Android is 2.19.134.
The attacker's modus operandi reportedly involved voice calling targets, which enabled them to install software even if the call wasn't picked up. The log of the call could also then be removed.
WhatsApp said: "The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems."
Professor Alan Woodward, from the University of Surrey, said the attack was 'pretty old-fashioned.
According to the BBC, he said: "In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area.
"In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work."
In a statement, the NSO - whose flagship software has the ability to collect data from a targeted device - said any allegations of misuse would be investigated.
It said: "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.
"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.
"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system."
It is thought that journalists, lawyers and activists are most likely to have been targeted by the attack.