Warning: Update Your WhatsApp Now to Avoid Israeli Spyware

An Israeli spyware firm was found to be using a WhatsApp flaw to tap into the phones of activists and journalists.

Published14 May 2019, 09:31 AM IST
Tech News
2 min read

An Israeli firm, NSO Group, that has been accused of supplying spyware for spying on human rights activists and journalists, has now been accused of using a WhatsApp bug to access communications into iPhones and Android phones, The New York Times reported.

According to the NYT report, the spyware has characteristics similar to the technology from NSO Group.

WhatsApp seems to have fixed the vulnerability with a patch on Monday, 13 May, further urging customers to update their app and Operating System.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” it was quoted by NYT as saying.

WHAT DOES THE BUG DO?

Using the WhatsApp bug, digital attackers could steal data from a smartphone by simply placing a WhatsApp call, even if the victim did not pick up the call. WhatsApp's engineers, according to the NYT report, concluded that it was similar to other tools from the NSO Group because of its digital footprint.

HOW WAS IT FOUND?

According to the NYT report, the spyware was found when it was used to break into the phone of a London lawyer, who has accused the NSO group of providing tools to hack phones of journalists and activists.

The lawyer said that he got suspicious after receiving WhatsApp video calls from Norwegian numbers at odd hours. He then contacted Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which has helped uncover the use of NSO Group products.

WHAT WHATSAPP DID

While Citizen Lab was working on the Spyware, engineers at WhatsApp had found an abnormal voice calling activity on their systems, NYT quoted an employee as saying.

WhatsApp then alerted human-rights organisations about the threat and found out that the vulnerability had been used to target the lawyer.

WhatsApp had alerted the Justice Depatment as well, after this was reported by The Financial Times on Monday, 12 May itself.

WHAT THE NSO GROUP SAID

NSO, having advertised its products as being sold only to government agencies solely for the purpose of fighting terror and aiding law enforcement investigations, put out a statement on Monday, saying that it would investigate any “credible allegations of misuse.” It also said that it won't get involved in identifying a target for its technology.

Now, even though the company claims to have an in-house ethics committee that keeps a check on buyer countries based on their human-rights records, it has time and again sold to countries with questionable human-rights records like the United Arab Emirates, Saudi Arabia and Mexico, the NYT report said.

It would be advisable to download the latest WhatsApp version as well as update your phone’s operating system with the latest security patches available to avoid this vulnerability.

(With inputs from The New York Times.)

Liked this story? We'll send you more. Subscribe to The Quint's newsletter and get selected stories delivered to your inbox every day. Click to get started.

The Quint is available on Telegram & WhatsApp too, click to join.

Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!