Israeli spyware used by intelligence agencies has been installed on phones of WhatsApp users because of a loophole in the app’s phone call feature, the Financial Times newspaper reported on Tuesday, citing the company and the spyware dealer.
In early May, WhastApp discovered that unknown attackers had injected spyware into phones by making calls through the app. Israeli company NSO Group, the developer of the program, said that the spyware could access phones even if the owners did not answer the call, the outlet reported.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society,” WhastApp said, as quoted by the newspaper.
A source familiar with the matter told the outlet that the messenger could not at that stage say exactly how many devices had been targeted.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organisation,” the spyware dealer said.
WhastApp began fixing the problem after detecting the vulnerability and released a patch on Monday, the newspaper said, adding that the company had also reported the incident to the US Justice Department.