The messaging platform WhatsApp said it had patched a vulnerability that allowed spyware to be installed via a missed call. The company assumes only selected users were targeted by an “advanced cyber actor.”
The number of affected users was unknown but was at least in the dozens, a spokesman for the company said late Monday.
Media outlets, including the Financial Times and TechCrunch, identified the spyware as the product of Israel’s NSO Group. The group is famous for its software dubbed “Pegasus,” which can hack smartphones and activate their microphones and cameras, collect location information and send out emails and texts.
While WhatsApp did not immediately confirm NSO was linked with the attack, it also said it was “not refuting” any of the media coverage.
The messaging platform also said the attack bore “all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”
All systems targeted
WhatsApp is a Facebook subsidiary with over 1.5 billion users and boasts end-to-end encryption protecting its users’ privacy. On Monday, the company said the malware was discovered in early May.
A spokesman for the company said the flaw was detected while “our team was putting some additional security enhancements to our voice calls.” Its engineers found that affected users “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped.”
The hack targeted all commonly used smartphone operating systems, including Apple’s iOS, Google’s Android, Microsoft’s Windows Phone and Samsung’s Tizen.
The company said it has provided information to US authorities to help with the investigation.
Human rights lawyer attacked
Many journalists, dissidents, activists, and lawyers have reported attacks by NSO’s spyware. One of the alleged targets was a close friend of the murdered Saudi journalist Jamal Khashoggi. The Canada-based dissident and several Mexican activists are suing the company in an Israeli court.
Amnesty International, an international human rights watchdog, claims one of its staffers was targeted with the Israeli-made spyware last year. Following the Monday announcement, Amnesty International said it would join the effort to force Israel’s defense ministry to suspend NSO’s export license.
A UK-based human rights lawyer told the AP news agency that he was targeted in the latest attack. The activist, who wanted to stay anonymous for professional reasons, said he had received several suspicious missed calls over the past months, the most recent one on Sunday.
According to the Financial Times, the Israel-based NSO does not use its software itself. Its tools are usually operated by state security agencies.