San Francisco: A security flaw in WhatsApp, one of the most popular messaging apps in the world, allowed sophisticated attackers to install spyware on phones, the company said Tuesday, in the latest trouble for its parent Facebook.
The vulnerability -- first reported by the Financial Times, and fixed in the latest WhatsApp update -- allowed hackers to insert malicious software on phones by calling the target using the app, which is used by 1.5 billion people around the world.
The FT cited a spyware dealer as saying the tool was developed by a shadowy Israel-based firm called the NSO Group, which has been accused of helping governments from the Middle East to Mexico snoop on activists and journalists.
Security researchers said the malicious code bore similarities to other tech developed by the firm, according to The New York Times.
The latest exploit -- which impacts Android devices and Apple's iPhones, among others -- was discovered earlier this month and WhatsApp scrambled to fix it, rolling out an update in less than 10 days.
"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a spokesperson said in a statement to AFP.
The firm did not comment on the number of users affected or who targeted them, and said it had reported the matter to US authorities.
The breach is the latest in a series of issues troubling WhatsApp's parent Facebook, which has faced intense criticism for allowing its users' data to be harvested by research companies and over its slow response to Russia using the platform as a means to spread disinformation during the 2016 US election campaign.
The WhatsApp spyware is sophisticated and "would be available to only advanced and highly motivated actors", the company said, adding that a "select number of users were targeted".
"This attack has all the hallmarks of a private company that works with a number of governments around the world," according to initial investigations, it added, but did not name the firm.
WhatsApp has briefed human rights organizations on the matter, but did not identify them.
The Citizen Lab, a research group at the University of Toronto, said in a tweet it believed an attacker tried to target a human rights lawyer as recently as Sunday using this flaw, but was blocked by WhatsApp.
The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates. Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target's phone camera and microphone, and access data on it.
The firm said Tuesday that it only licenses its software to governments for "fighting crime and terror".
The NSO Group "does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions", it said in a statement to AFP.
"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system."
