WhatsApp has discovered a new vulnerability that could have allowed spyware to be installed on phones. WhatsApp has announced that hackers were able to remotely install surveillance software on phones using this vulnerability.
WhatsApp has said that the attack was conducted by “an advanced cyber actor”. In a statement, WhatsApp said: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
Through this vulnerability, attackers could inject malicious code into a user’s phone through the app’s audio call feature. The vulnerability could let spyware in, even though a call went unanswered. According to a report by the Financial Times, this attack was developed by an Israeli security firm called NSO Group.
WhatsApp’s security team was the first to identify the threat and was swift in sharing this information with human rights groups, select security vendors and the US Department of Justice earlier this month.
WhatsApp has over 1.5 billion users around the world and it is now urging its user base to avail the latest update as soon as possible.