WhatsApp Calls Used to Inject Spyware on Mobile Phones

Hackers have reportedly been injecting Israeli spyware onto smartphones via the popular Facebook-owned messaging service WhatsApp. The surveillance software, named Pegasus, was developed by Israeli firm NSO Group and can access an iPhone with a single missed voice call on WhatsApp. NSO claims that it carefully vets its customers; the company’s software is intended for government agencies to combat crime and terrorism. While it is currently unknown how many users may have been affected at this point (the problem was first discovered in early May), WhatsApp says it has created a patch to address the vulnerability.

The attacks “apparently leveraged a bug in the audio call feature of the app to allow the caller to allow the installation of spyware on the device being called, whether the call was answered or not,” reports TechCrunch.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” explained the company in a statement.

WhatsApp is immensely popular worldwide, with 1.5 billion monthly users. Part of its appeal is the promise of strong security and privacy based on end-to-end encryption technology. The company contacted the U.S. Department of Justice for assistance with an investigation after the vulnerability was discovered.

WhatsApp believes that human rights activists may have been targeted by the abuse of such surveillance tech. “Cybersecurity experts said the vast majority of users were unlikely to have been affected,” notes Yahoo.