WhatsApp has asked users to update their systems after a malicious attack. The cyber attack is complete with all the hallmarks of a “government-sponsored surveillance” attempt.
The messaging and audio app owned by Facebook said Monday that malicious hackers were able to install spyware on Android smartphones and Apple iPhones and is asking users to make sure their security is up to date. But more alarming, is that this looks like the government wants to spy on its own people who use the WhatsApp app. “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” a WhatsApp spokesperson told MarketWatch.
The surveillance software could be remotely installed on a user’s phone by calling them over the internet (using “VOIP” or voice over internet protocol). Earlier this month, WhatsApp identified and fixed a vulnerability that could enable an attacker to add spyware to devices. –MarketWatch
Because we aren’t already being spied on by the government enough, right? “We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer,” said Citizen Lab, a research and development group at the Munk School of Global Affairs & Public Policy in the University of Toronto in a tweet about the incident.
WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software https://t.co/pJvjFMy2aw https://t.co/e8VQUraZWQ
— Citizen Lab (@citizenlab) May 13, 2019
Many users complained about the notifications they received from WhatsApp on Monday to update their software. They said that the notifications did not inform them of any security flaw, which is a big deal, because the flaw would have allowed the hacker to read a user’s text messages. WhatsApp described the exploit as a “targeted surveillance attack.” The malicious call used to install the spyware may not have even shown up on the user’s phone as a missed call, the paper added.
WhatsApp’s website states that privacy and security are of a big concern to the company. “Privacy and security is in our DNA.” It adds, “Some of your most personal moments are shared with WhatsApp, which is why we built end-to-end encryption into our app. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.”
The Financial Times alleged that the software used was developed by the NSO Group, an Israeli-based security company. NSO Group denied the allegations in a statement: “NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror.” It added, “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”