With the promise of “fast, simple, secure messaging and calling for free,” WhatsApp caught the attention of more than 1.5 billion mobile phone users in 180 countries, making it the most popular messaging app in the world today. WhatsApp has one billion daily active users sending 65 billion messages and 55 million video calls per day.
But the popularity of WhatsApp also made it a target for hackers. In early May this year, a breach by the Israeli company NSO Group allegedly installed the software in both iPhone and Android devices with a WhatsApp by calling users through the app.
Whether or not the call was answered, the software will still be installed and the call will instantly be removed from the log leaving no evidence of the caller. Here’s what we know about this attack:
NSO Group is known for Pegasus malware.
Known for many years as a “cyber arms dealer,” NSO Group sells software including the famous “Pegasus” that are supposedly limited to the use by intelligence agencies. According to the Financial Times, this software is capable of collecting contacts, browser history, location and emails from any mobile device user.
Once installed, it’s also capable of turning on a phone’s camera and microphone. In a statement, NSO Group said of Pegasus: “NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror.”
WhatsApp was the first to notice the flaw.
In a statement for BBC, WhatsApp confirmed that its security team was the first to discover the breach and quickly shared the information with the US Department of Justice, some security vendors and several human rights groups earlier this month. “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said.
The hack has specific targets.
While WhatsApp still has no definite count on the number of users that got affected by the hack, it has confirmed that the breach is highly targeted. One of the people that were allegedly targeted by the malware was a London-based lawyer involved in a case against NSO Group, according to the New York Times.
This is why Amnesty International wants someone to take accountability for this hack, as it is putting a lot of people at risk for stolen information. The organization led a petition calling for Israel’s Ministry of Defense to revoke the license of NSO Group to export its merchandise.
In light of this recent breach, WhatsApp is urging all its users to update to the latest version of the app to fix the issue: “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
The company is assuring its users, however, that the issue is already handled and investigation will continue until the culprit is put to justice.