WhatsApp, one of the most favored messaging apps in the world with about 1.5 billion users worldwide,confirmed a targeted spyware attack on its platform.It was discovered in early May that attackers were able to install surveillance software on to both iPhone and Android phones by ringing up targets using the app’s phone call function.
The reason for this was that there was a Security flaw in Whatsapp that acted as a vulerability , which made it easy for the hackers to insert malicious software on user’s phone by calling the target using the app.
This latest attack impacts Apple’s iPhone and Android devices among others.
It is a matter of grave concern as WhatsApp is a secure communication app as the messages shared on this platform are end-to-end encrypted, which means they should be displayed in a readable form on sender or recipient’s device only.But the surveillance software used in spyware will let an attacker read messages on potential target’s device. Billions of people store information which is at risk from such attacks that are designed to compromise users data stored on mobile device.
According to the spyware dealer,the surveillance software involved was developed by Israeli firm NSO Group which has been accused of helping governments of Mexico and Middle East to pry on Journalists and activists.Similarities between the malicious codes with other tech which have been developed by the firm have been found by the researchers.
WhatsApp encouraged its users to upgrade to latest version of its app, and to also keep theri mobile operating system(OS) updated as an added protection to safegourd against potential targeted exploits.
NSO group gained prominence in 2016 when it was accused by several researchers of helping to spy on and activist in United Arab Emirates(UAE). It has been referred as ‘cyber-arms dealer’in the past. NSO’s highly invasive tool ‘Pegasus’ is its flagship software.It has the capacity of switching on a target’s phone camera and microphone, gather location data and can even access and collect data from it.
But the firm denied any participation in potential software.