The US company WhatsApp
Owned by Facebook, on Tuesday encouraged its users to update their messaging application after finding a security flaw that allowed a spyware to access mobile phones.
The vulnerability – first reported by the Financial Times, and repaired in the latest WhatsApp update – allowed hackers to insert an evil program into. Cell phones by calling the phone in question through the application, which is used by some 1.5 billion people .
“WhatsApp encourages people to download the latest version of our application, as well as to have updated the operating system of their phones. To protect against potential security attacks designed.
According to the Financial Times, which cites a spyware distributor, the tool was developed by a dark, Israeli-based firm called NSO Group, accused of helping governments from the Middle East to Mexico spy on activists and journalists.
Security experts indicated that the malicious code bears similarities with other technologies developed by the firm, says The New York Times.
This new security vulnerability – which affects Android devices and Apple iPhones, among others – was discovered earlier this month and WhatsApp quickly set about solving it, launching an update in less than 10 days.
The company did not comment on the number of users affected or who were the object of the attack, and said it had reported the matter to the US authorities.
He also informed the Irish regulator of a “serious security breach”, according to the Data Protection Commission (CPD).
“WhatsApp is still investigating to see if users of WhatsApp in the European Union have been affected by this incident,” the CPD said in a statement.
This leak is the latest in a series of problems for Facebook, the owner of WhatsApp, which has faced strong criticism for allowing the personal data of its users to be used by market research companies.
Facebook has also been questioned for its slow response to Russia’s use of the platform to spread false information during the US presidential campaign of 2016.
– Very invasive program –
The spy program that affected WhatsApp is sophisticated and “would be available only for advanced and highly motivated actors,” the company said, adding that “it targeted a select number of users.”
“This attack has all the hallmarks of a private company that works with some governments in the world,” according to the first investigations, he continued, although he did not give the name of the firm.
WhatsApp reported on the issue to human rights organizations, but did not identify them either.
The Citizen Lab, a research group at the University of Toronto, said in a tweet that it believed that hackers tried to attack a human rights, Lawyer last Sunday using this security flaw, but WhatsApp stopped them.
NSO Group gained notoriety in 2016 when experts accused him of helping spy on an activist in the United Arab Emirates.
Its best known product is Pegasus, a very invasive program that can remotely activate the camera and microphone of a certain phone and access its data.
The firm said on Tuesday that it only sells this program to governments to “fight against crime and terrorism.”
NSO Group “does not operate the system, and after a rigorous process of study and authorization, security and intelligence agencies determine how to use technology for their public safety missions,” he said in a statement to AFP.
“We investigate any credible claim of misuse and, if necessary, take action, including the deactivation of the system,” he concluded.