WhatsApp pressed users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial Israeli spyware.
The Facebook app, owned by Facebook Inc., says it has found a weakness in early May that can attack attackers and enable the code to be run on mobile devices.
Whatsapp has said that it has changed its infrastructure last week to block these attacks, which has resulted in more number of users being identified as weak by improved cyberactors.
The company spokesman said on Tuesday, “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, so that protects against potentially targeted exploitation designed to compromise the information stored on mobile devices.”
This statement followed a report from the Financial Times, that the attackers were able to install surveillance software by the NSO Group of Israeli companies on iPhone and Android devices by calling targets using Apple’s phone call function.
Whatsapp says that this attack has features of a private organization that works with governments to provide spyware, which controls the control of mobile phone operating systems.
In a statement, the NSO Group said that its technology “has been licensed to authorized government agencies for the sole purpose of fighting crime and terrorism.” It also adds that it does not manage the system itself and “in no case shall NSO be involved in the management or identification of its technology goals, which is fully managed by intelligence and law enforcement.”
WhatsApp says it has notified the European Information Privacy Controller of Infringement and provided US law enforcement information for conducting investigations. It has briefed human rights organizations to work with them to inform civil society.
Ireland’s Data Protection Commission reported on Monday that a serious security vulnerability is reported to the WhatsApp controller and it is actively involved with the company to verify whether an EU user’s data has been compromised.