WhatsApp: Advanced Cyber Actor Installed Spyware on Devices

WhatsApp, the leading OTT messaging service with more than 1.5 billion active users, has confirmed that an “advanced cyber actor” exploited a critical vulnerability to install spyware on some users’ devices.

Because of its massive global user base, WhatsApp is a frequent target for both independent and state-sponsored attackers. In this incident, the attackers executed a remote exploit that delivered surveillance software to phones via specially crafted incoming calls. Targets did not need to answer the call for the payload to be delivered.

Engineers investigating the breach said some victims may have seen one or two missed calls from an unfamiliar number; in other cases, the missed-call notification was removed. Once the exploit succeeded, attackers could gain extensive control over the device’s operating system and data.

WhatsApp discovered the vulnerability and issued a fix earlier this month. Users are strongly advised to update the app to the latest version to ensure they are protected against this and similar threats.

Researchers at Citizen Lab, University of Toronto, reported that an attempted exploitation was blocked as recently as Sunday evening. Citizen Lab worked with WhatsApp to investigate the activity and confirm that the patch addressed the issue.

Although the identity of the attacker has not been publicly confirmed, forensic evidence indicates the spyware used in the campaign was developed by NSO Group, an Israeli company that creates surveillance tools for government and law enforcement customers.

NSO Group responded by saying that it does not operate or select targets for its technology, asserting that its software is operated exclusively by intelligence and law enforcement agencies. The company stated it would not, and could not, independently target individuals or organizations.

NSO’s spyware has previously been linked to surveillance of lawyers, dissidents, human rights defenders and others. Past investigations have tied tools from the company to high-profile abuses, prompting ongoing concern from privacy and human rights groups.

Danna Ingleton, Deputy Director of Amnesty International Tech, criticized the firm on social media, saying that NSO sells powerful surveillance tools to governments with poor human rights records, enabling them to track activists and critics.
