A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said.
WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function.
The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs , said the spyware dealer, who was recently briefed on the WhatsApp hack.
The wikipedia entry on the NSO group is increasingly depressing:
According to the company, it provides “authorized governments with technology that helps them combat terror and crime”. Electronic Frontier Foundation and Citizen Lab, a digital rights group and a human rights group respectively, claimed, and proved with the help of Lookout Security, that software created by NSO Group was used in targeted attacks against human rights activists and journalists in several countries.