A vulnerability discovered in Facebook's WhatsApp messaging application is being exploited to inject commercial spyware into Android and iOS phones by simply calling the target, reports The Financial Times . The spyware, developed by the secret group of the OSN of Israel, can be installed without a trace and without the target answering the call, according to security researchers and confirmed by WhatsApp. WhatsApp is urging its 1.5 billion global users to update the application immediately to close the security hole.
"WhatsApp encourages people to update to the latest version of our application, as well as keep their mobile operating system updated, to protect against possible targeted attacks designed to compromise information stored on mobile devices," WhatsApp said in a statement. release.
The vulnerability discovered in early May was exploited as recently as Sunday when a human rights lawyer with headquarters in the United Kingdom was attacked by the Pegasus flagship program of the OSN, according to researchers from the Citizens Laboratory. Once installed, Pegasus can turn on the camera and microphone of a phone, scan emails and messages, and collect the user's location data.
"This attack has all the characteristics of a private company that is known to work with governments to deliver spyware that supposedly assumes the functions of mobile phone operating systems," WhatsApp said in a statement provided to The Financial Times . "We have informed a number of human rights organizations to share the information we can and work with them to notify civil society."
The OSN says it sells Pegasus to governments and law enforcement agencies to help fight terrorism and crime. But that has not prevented the company's spyware from being used by countries, organizations and individuals that do not allow themselves to be intimidated by human rights. In 2016, the NSO spyware was implicated in an attack against the Emirati human rights activist named Ahmed Mansoor. In 2018, NSO's spyware was aimed at prominent television journalist Carmen Aristegui and 11 other people while investigating a scandal involving the Mexican president.
Investigators claim that NSO's powerful spyware has been used by up to 45 countries to assist in the prosecution of dissidents, journalists and other innocent civilians.