Advert

Hackers Remotely Install Spyware To Read People's WhatsApp Messages

Published 
| Last updated 

Hackers Remotely Install Spyware To Read People's WhatsApp Messages

Hackers have been able to remotely install surveillance software on devices via WhatsApp, it has been confirmed.

The company - which is owned by Facebook - said the attack was launched by an 'advanced cyber actor' and a fix was rolled out on Friday. However, the company has urged all 1.5 billion users to update their apps as a precautionary measure.

The software used in the attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

WhatsApp has encouraged all users to update their apps. Credit: PA
WhatsApp has encouraged all users to update their apps. Credit: PA
Advert

WhatsApp markets itself as a secure means of communication, as messages are end-to-end encrypted, meaning they can only be read on the sender's and the recipient's device. However, the hack meant it was possible for the attacker to read messages on a person's device.

If you're unsure whether your app has been updated, then the latest version for Apple is 2.19.51, while the latest version for Android is 2.19.134.

The attacker's modus operandi reportedly involved voice calling targets, which enabled them to install software even if the call wasn't picked up. The log of the call could also then be removed.

WhatsApp said: "The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems."

Advert

Professor Alan Woodward, from the University of Surrey, said the attack was 'pretty old-fashioned.

According to the BBC, he said: "In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area.

"In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work."

WhatsApp has been targeted by a surveillance attack. Credit: PA
WhatsApp has been targeted by a surveillance attack. Credit: PA
Advert

In a statement, the NSO - whose flagship software has the ability to collect data from a targeted device - said any allegations of misuse would be investigated.

It said: "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system."

Advert

It is thought that journalists, lawyers and activists are most likely to have been targeted by the attack.

Featured Image Credit: PA

Topics: World News, Technology, whatsapp

Jake Massey
Advert
Advert
Advert

Chosen for YouChosen for You

News

Why It Might Feel Like You Get More Drunk At The Pub Over Drinking At Home

a day ago

Most Read StoriesMost Read

News

Aldi Trialling Loose Rice And Pasta In Attempt To Reduce Plastic Waste

3 hours ago