WhatsApp discovers spyware used to attack a very select group of users

WhatsApp reported that some hackers have successfully installed a software with a remote monitoring system in cell phones and other devices using a vulnerability in the IM program.

The company, which belongs to Facebook, revealed that the attack discovered this month targeted a "limited number" of users and was orchestrated by an advanced cyber actor.

Last Friday, a patch was released to fix the security issue.

• WhatsApp limits the number of people to whom you can forward messages
• Why WhatsApp blocked the account of Bolsonaro's son and that of thousands of other users on the eve of elections

The British newspaper Financial Times reported that the software The employee involved in the attack was developed by the Israeli security company Grupo NSO. This company denied being behind the program.

On Monday, WhatsApp asked its 1.5 billion users to update the application, as an added precaution.

How did they use the security hole?

The the hackers they used the WhatsApp voice call feature to call the subjects targeted by the attack.

And although the receiver did not pick up, the software it was installed and, according to the FT, the call was disappearing from the phone's history.

WhatsApp told the BBC that its security team was the first to identify the problem and share information with human rights groups, some cybersecurity providers, and the US Department of Homeland Security. Justice.

"The attack looks like a private company that has provided the government with a spy program taking over the functions of the phone's operating system," Whatsapp said in a brief note to reporters released Monday.

The company also issued an advisory to security specialists, describing the vulnerability as "a vulnerability due to a buffer overflow in the calling function that allowed the execution of a code via the sending of a code. 'a series of SRTCP packets to the goal.'

Who is behind the program?

The NSO Group is an Israeli company that has been identified in the past as a cyber-dealer of weapons.

Its flagship program, Pegasus, can collect private data on a device, including information about the camera's microphone and camera, as well as its location.

• What is the "obscure" capitalism of the surveillance of Facebook and Google and why they compare it to the Spanish conquest

In a statement, the INS said that it was "a technology company registered and licensed by government agencies for the sole purpose of fighting crime and terrorism" .

"The company does not use the systems it provides, and after a rigorous selection process, the intelligence and police departments determine how they use technology for their public safety missions.

"We investigated the credible signs of abuse and, if necessary, acted, including the possibility of canceling the system," he added.

"Under no circumstances will the NSO be involved in the exploitation or identification of targets for its technology, which is operated exclusively by intelligence and security agencies, the NSO does not Would not use or could not use his technology unilaterally against a person or organization. "

Who was the goal?

According to WhatsApp, it is too early to know how many users have been affected by this vulnerability, although he pointed out that it was a very small group.

According to the latest figures published on Facebook, WhatsApp has about 1.5 billion users.

The human rights organization Amnesty International (AI), which claimed to have been the target of programs created by the NSO group in the past, said that this attack was one of the most of those who were the object of fear for as long as possible.

"They are able to infect your phone without you doing anything"said Danna Ingleton, Deputy Director of the Technology Program at Amnesty International.

Ingleton believes that it is proven that these technologies are used by different regimes to monitor prominent activists and journalists.

"It is necessary that responsibilities be required for this, it can not continue to be the wild west," he said.

On Tuesday, a hearing was held in Tel Aviv at the request of Amnesty International asking the Israeli government to withdraw its product export license to the NSO.

You can now receive notifications from BBC News World. Download the new version of our application and activate them to not miss our best content.

• Do you already know our YouTube channel? Subscribe!