BENGALURU: WhatsApp, the popular end-to-end encrypted owned by Facebook, has asked users to update to the latest version of the app following the discovery of a spyware to be injected into a user’s phone through its phone calling feature.
The spyware was developed by the Israeli cyber intelligence company NSO Group, according to a news report by the Financial Times, which first reported the vulnerability on Monday.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a WhatsApp spokesperson said in an email.
Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call, whether the recipient answered it or not. Logs of the incoming calls were often erased, according to the report. “The attack has all the hallmarks of a private company, reportedly that works with governments, to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said.
WhatsApp said the vulnerability was discovered this month, and that the company quickly addressed the problem internally. The company also alerted US law enforcement authorities to the exploit, and published a “CVE notice” — an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures”.
The spyware does not affect or involve the app’s encryption.