WhatsApp reported a serious security breach

The vulnerability – reported for the first time by the Financial Times and repaired in the latest update from WhatsApp – has allowed hackers to insert a malicious program into phones by calling the phone in question via the Internet. application, used by some 1.5 billion people. .

According to the Financial Times, which quotes a spyware distributor, the tool was developed by an obscure company based in Israel called the NSO Group, accused of helping Middle East governments in Mexico to spy on spyware. activists and journalists.

Security experts said the malicious code has similarities with other technologies developed by the company, the New York Times reports.

This new security vulnerability, which includes Android devices and Apple iPhones, was discovered earlier this month and WhatsApp quickly tackled the issue by launching an update in less than 10 days.

"WhatsApp encourages users to download the latest version of our app, as well as to keep their phone's operating system up-to-date, in order to protect themselves from possible security attacks intended to compromise stored information. on the mobile phone, "he said. a spokesperson in a statement.

The company did not comment on the number of users affected or attacked and reported reporting the problem to US authorities.

This leak is the latest in a series of problems from Facebook, owner of WhatsApp, which has faced fierce criticism for allowing the use of its users' personal data by study companies. market.

Facebook was also questioned for its slowness in the use of the platform by Russia to spread false information during the 2016 US presidential campaign.

Very invasive program

The spy program that affected WhatsApp is sophisticated and "would only be available to advanced and highly motivated actors," the company said, adding that it "targeted a limited number of users. "

"This attack has all the features of a private company that works with some governments around the world," said the initial investigations, he continued, without giving the company's name.

WhatsApp reported the problem to human rights organizations, but did not identify them either.

The Citizen Lab, a research group at the University of Toronto, said in a tweet that he was confident that hackers had attempted to attack a human rights lawyer Sunday using this security hole, but WhatsApp stopped them.

The NSO group gained notoriety in 2016 when experts accused it of helping spies an activist in the UAE.

His best known product is Pegasus, a very invasive program that allows you to remotely activate the camera and microphone of a certain phone and access its data.

The firm said on Tuesday that it was selling this program only to governments to "fight crime and terrorism".

The NSO group "does not manage the system and, after a rigorous study and authorization process, security and intelligence agencies determine how to use technology for their public security missions," he said. he said in a statement to AFP.

"We investigate any credible allegation of abuse and, if necessary, take action, including disabling the system," he concluded.