WhatsApp Urges Users to Update After Spyware Hacking Report

WhatsApp pressed users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial Israeli spyware.

The Facebook app, owned by Facebook Inc., says it has found a weakness in early May that can attack attackers and enable the code to be run on mobile devices.

Whatsapp has said that it has changed its infrastructure last week to block these attacks, which has resulted in more number of users being identified as weak by improved cyberactors.

The company spokesman said on Tuesday, “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, so that protects against potentially targeted exploitation designed to compromise the information stored on mobile devices.”

This statement followed a report from the Financial Times, that the attackers were able to install surveillance software by the NSO Group of Israeli companies on iPhone and Android devices by calling targets using Apple’s phone call function.
Whatsapp says that this attack has features of a private organization that works with governments to provide spyware, which controls the control of mobile phone operating systems.

In a statement, the NSO Group said that its technology “has been licensed to authorized government agencies for the sole purpose of fighting crime and terrorism.” It also adds that it does not manage the system itself and “in no case shall NSO be involved in the management or identification of its technology goals, which is fully managed by intelligence and law enforcement.”

WhatsApp says it has notified the European Information Privacy Controller of Infringement and provided US law enforcement information for conducting investigations. It has briefed human rights organizations to work with them to inform civil society.

Ireland’s Data Protection Commission reported on Monday that a serious security vulnerability is reported to the WhatsApp controller and it is actively involved with the company to verify whether an EU user’s data has been compromised.

Wow…first Stuxnet, then this. It’s ostensibly for “security”. Security of whom? I have to write a full-on blog post about this – I’m too tired to write effectively right now (yet here I am). But this is incredibly scary. That a government can install malware on a user’s phone, and justify it like this, is terrifying because it allows bad actors to simply infiltrate a government instead of a company or criminal underground organization, which is much easier as governments are unbelievably slow-moving, too slow to react to such a threat. That is, without expanding power further and compounding the problem. I don’t believe governments are inherently evil, but people? People will take power and exploit it any way they can. Think about that. Some random creep on the street looking through your most private things. They can just get a job with the government or a government contractor, and voila! They have privileges that perverts and sociopaths 100 years ago could never have dreamed of.