HACKERS installed surveillance software on phones using a major WhatsApp flaw just by calling them, it was revealed last night.
The Facebook-owned messaging app said the attack was carried out by “an advanced cyber actor”.
Alamy WhatsApp has called on its 1.5billion global users to update their app after discovering hackers had accessed some users’ devices and installed surveillance software just by calling them
Worrying Samsung Galaxy S10 flaw allows hackers to tricks its fingerprint scanner using a 3D printed finger
It used software developed by Israeli cyber arms dealer NSO Group, according to the Financial Times.
The software was installed on targets’ devices using the WhatsApp voice calling function.
Even if the call was not picked up, the software would be installed and the call would even be deleted from the device’s call log.
WhatsApp’s security team spotted the flaw and rolled out a fix on Friday.
Only a “select number” of users were targeted although the exact number is not yet known, WhatsApp said.
It yesterday asked its 1.5billion global users to update their apps as a precaution.
Human rights groups, some security companies and the US Department of Justice were informed of the glitch earlier this month, WhatsApp told the BBC.
In a statement, the firm said: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
NSO Group’s flagship Pegasus software can collect intimate data from a target device.
I can even access a device’s microphone and camera as well as gather location info.
In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.
“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.
CRIME DOESN’T PAY Nose cutting and death by ELEPHANT – bizarre ancient punishments revealed CORE OF THE PROBLEM? Apple engineer says pressure to design iPhone is reason I’m divorced RevealedTASTE THE RAINBOW iPhone 11 ‘coming in TWO new colours’ we’ve never seen from Apple before QuizTHE PRICE IS RIGHT Can you guess the price of classic tech from 1980s Argos catalogues? SPACE ERASE Comet could wipe out life on Earth with just six months’ notice, expert warns RevealedSPACE ROCKS The Moon is SHRINKING – causing ‘Moonquakes’ and creating 1000s of lunar cliffs
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.
“NSO would not or could not use its technology in its own right to target any person or organisation.”
Danna Ingleton from Human rights group Amnesty International said: “There needs to be some accountability for this – it can’t just continue to be a wild west, secretive industry.”
Alamy It is not clear how many devices were affected, but WhatsApp said the attack was ‘highly targeted’
Terrifying Internet Explorer bug lets hackers steal your files even if you don’t use it
We pay for your stories! Do you have a story for The Sun Online news team? Email us at firstname.lastname@example.org or call 0207 782 4368. You can WhatsApp us on 07810 791 502. We pay for videos too. Click here to upload yours.