WhatsApp urges users to upgrade app after discovering spyware vulnerability

WhatsApp urges users to upgrade app after discovering spyware vulnerability.WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.

Spyware was developed by the Israeli Cyber ​​Intelligence Company NSO Group according to the Financial Times, which was the first to report the vulnerability.

The attacker can call the user and infect the call, whether the recipient responds to the call or not, can infect the call. According to the report, the incoming call logs were often erased.

Whatsapp said that the vulnerability was discovered this month, and the company resolved the problem within its own infrastructure. An update to the app was published on Monday, and the company is encouraging users to upgrade with great care.

The company has also alerted US law enforcement for exploitation, and has published "CVE Notice", which is a recommendation for other cyber security experts to warn them of "general weaknesses and risks".

FT said that the vulnerability was used in the attack on the phone of a British attorney on May 12. The lawyer, who was not recognized by the name, was involved in a lawsuit against Mexican journalists, government critics and a group of Saudi Arab dissidents, brought against NSO.

In a statement, Whatsapp said, "In the attack, there are all the hallmarks of a private company, which allegedly works to deliver spyware, which handles the functions of the mobile phone operating system." "We have provided information to many human rights organizations to share information and work with them to inform civil society."

The NSO Group did not respond promptly to the Guardian's request for comment. The company told FT that it was investigating Whatsapp attacks.

NSO Group told FT, "In any situation, the NSO will not be involved in the operation or identification of its technology goals, which is fully operated by intelligence and law enforcement agencies." "NSOs can not or will not use their own technology to target any person or organization, including this person."

NSO limits its spyware, Pegasus sales to state intelligence agencies. The capabilities of spyware are absolute Once installed on the phone, the software can remove all data that is already on the device (text message, contact, GPS location, email, browser history, etc.) using the phone's microphone and camera to record In addition to creating new data, according to a 2016 New York Times report, the user's surroundings and ambient sounds

Whatsapps are around 1.5bn users worldwide. The messaging app uses end-to-end encryption, making it popular and secure for workers and dissidents. Pegasus does not affect or involve the spyware app's encryption.