The next time you make an 'encrypted' WhatsApp call, remember that there is still a possibility of you injecting a malicious code into other person's phone. The vulnerability that allowed spyware to be transferred via WhatsApp call has now been fixed. The spyware called Pegasus, which is allegedly used by the Israeli government, was developed by the NSO Group and could be transmitted even if a user did not answer the WhatsApp call. The spyware Pegasus allows an attacker to clandestinely take complete control of an infected iOS device, including cameras, microphones, files and text messages.
In response to the malware, WhatsApp has released an update. WhatsApp has asked people to upgrade to the latest version of the messenger app and also keep their mobile OS up to date. The Facebook-owned company said the vulnerability was discovered early this month, and that it quickly addressed the problem by making necessary changes to its infrastructure. The company also said that only a small number of users were targeted.
WhatsApp has also alerted human rights groups and the US Justice Department.
"This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society", WhatsApp said in a statement to FT.
Meanwhile, Amnesty International is planning to take a legal action against Israeli Ministry of Defence (MoD) to demand that it revokes the export license of NSO Group. According to the human rights organisation, NSO Group's spyware products have been used in attacks on human rights defenders around the world.
"NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw," said Danna Ingleton, Deputy Director of Amnesty Tech,.
However, NSO denied any involvement in the attack. "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology," the company said.
Edited By: Udit Verma
Also Read: WhatsApp at 10 - A journey of ups and downs