Users of Facebook-owned messaging service WhatApp are being urged to upgrade their apps after a vulnerability allowing hackers to install spyware onto phones – by just calling them – was found.
A security fix has been rolled out to the app which is used by 1,5bn people following the discovery that government-grade spyware could be remotely installed ontop Android phones and iPhones.
The Financial Times (FT) states the malicious code was developed by the “secretive Israeli company NSO Group”, and could be transmitted even if users did not answer their phones.
The company told the FT: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.
NSO would not, or could not, use its technology in its own right to target any person or organisation.”
WhatsApp said teams of engineers had worked “around the clock in San Francisco and London to close the vulnerability.”
According to the FT, WhatsApp began rolling out a fix to its servers on Friday last week and issued a patch for customers on Monday.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.” Said WhatsApp