ISLAMABAD: Vulnerability in the popular messaging app Whatsapp allowed hackers to install surveillance software on to phones and other devices.
The messaging app, which is owned by Facebook and has around 1.5 billion users globally, confirmed the news and urged the users to update the software. However, the company emphasised that the surveillance targeted a select number of people and was done by an “advanced cyber actor.”
A recent report in Financial Times noted that the recent surveillance attack was developed by an Israeli security firm NSO group. The company has been marketing its products in Middle East and Western countries. One of its flagship software, Pegasus can turn on the microphone and camera of the phone, go through emails and messages and also collect location data.
Explaining how the hackers were able to conduct surveillance using Whatsapp, the report noted that hackers would call the targets over Whatsapp that would automatically install the surveillance software on to their phones even if they did not pick up the call. Also, the sophistication of the attack could be gauged from the fact that the target would not be able to find the calls in the call logs.
The surveillance software could be installed on to both I phones and android phones.
The vulnerability was first discovered by Whatsapp in early May. However, the company said that it could not be ascertained how many people were targeted.
Whatsapp is believed to have informed US Department of Defence last week. It also rolled out patches for its servers last week and fixed the loopholes.
Multiple news outlets also reported that a UK based human rights lawyer was targeted using the same vulnerability on Sunday. The lawyer, whose name is withheld, has been helping Mexican journalists and a Saudi dissident in Canada. He has also been involved in suing the security firm NSO in Israel alleging that the company is also liable for the abuse of its software by clients.
However, researchers at Citizen Lab noted that the attack was unsuccessful apparently owing to recent updates carried out by Whatsapp.
Meanwhile, NSO group said that it was investigating the issue. In a statement the company said that its technology was licensed authorised government agencies for only fighting crime and terror.
It further said: “The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”
Image Courtesy: BBC.com