WhatsApp reveals major security flaw that could let hackers access phones

WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users' phones, with a London-based human rights lawyer poss...

Posted: May 14, 2019 9:01 AM

WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users' phones, with a London-based human rights lawyer possibly among the targets.

The encrypted messaging service, owned by Facebook, said Monday that it had discovered and fixed the vulnerability the attackers had sought to exploit. The hackers could implant malicious code on a victim's phone by placing a voice call to the victim on WhatsApp.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," a WhatsApp spokesperson said in a statement.

While WhatsApp did not name the private company, a source familiar with the investigation into the attack said that company is NSO Group, an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.

In a statement provided to CNN on Monday, NSO said, "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies."

NSO said its technology was licensed to government agencies "for the sole purpose of fighting crime and terror," adding that those agencies determine how the technology is used without any involvement from the company.

The Financial Times first reported details of the vulnerability.

Human rights activists targeted?

Among those believed to have been targeted via WhatsApp is a London-based human rights lawyer.

On Sunday, the lawyer received two calls that John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab believes were part of the attack. Citizen Lab is an academic security research group that investigates digital threats to civil society groups and online freedom of expression.

The apparent attempt to breach the lawyer's phone was not successful, Scott-Railton said, as WhatsApp had patched the vulnerability by Sunday.

WhatsApp had reached out to Citizen Lab and a number of other groups that work with human rights defenders before publicly acknowledging the attack.

The collaboration between WhatsApp and Citizen Lab helped identify the attempted attack on the London-based lawyer. The lawyer does not want to be named, Scott-Railton told CNN.

Responding specifically to the apparent targeting of the lawyer, NSO Group said in a statement, "NSO would not or could not use its technology in its own right to target any person or organization, including this individual."

Amnesty International filed a petition at the district court of Tel Aviv on Tuesday demanding Israel withdraw NSO's export license, Amnesty's lawyer told CNN Business.

The group claims that NSO software "threatens the rights to privacy and to freedom of opinion and expression, in breach of Israel's obligations under international human rights law."

It said one of its researchers had been targeted via a WhatsApp message containing NSO's spying software in 2018 while working on a campaign to release six women's rights activists detained in Saudi Arabia.

How to update your WhatsApp

WhatsApp said while it has fixed the vulnerability the attackers were exploiting, it is also encouraging users to update to the latest version of the WhatsApp app "out of an abundance of caution." The company said it has also contacted US law enforcement.

Ireland's Data Protection Commission, which supervises Facebook's activities in Europe, said it had been informed of the vulnerability on Monday, adding it was unclear at this stage whether any EU user data had been affected.

Still, it too urged users to ensure the update WhatsApp on their devices.

Here's how:

On an iPhone

-- Open the App Store and select updates.

-- Select "WhatsApp" and Update.

On an Android device

-- Open the Play Store and tap on the 3 lines in the upper left corner.

-- Select "My apps & games" from the menu.

-- Select "WhatsApp" and select Update.

Terre Haute
Clear
31° wxIcon
Hi: 31° Lo: 26°
Feels Like: 21°
Robinson
Clear
32° wxIcon
Hi: 33° Lo: 27°
Feels Like: 23°
Indianapolis/Eagle Creek
Clear
31° wxIcon
Hi: 32° Lo: 26°
Feels Like: 21°
Paris
Clear
29° wxIcon
Hi: 31° Lo: 24°
Feels Like: 18°
Mattoon/Charleston
Clear
30° wxIcon
Hi: 30° Lo: 25°
Feels Like: 20°
Terre Haute
Clear
31° wxIcon
Hi: 31° Lo: 25°
Feels Like: 21°
Terre Haute
Clear
31° wxIcon
Hi: 31° Lo: 25°
Feels Like: 21°
Colder but still sunny!
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

All You Need to Know for Friday

Image

Friday: Mostly sunny, breezy and colder. High: 30°

Image

A cold and wintry weekend ahead

Image

Crime Stoppers: The gift card thief

Image

Crews investigate Clinton house fire

Image

COVID-19 vaccine update for Vigo County

Image

TH South Bloomington South

Image

Cathedral TH North

Image

Where is the snow?

Image

Local author works to raise money for Terre Haute Humane Society - here's how you can help

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 1086333

Reported Deaths: 20423
CountyCasesDeaths
Cook4391189148
DuPage699001160
Will58974881
Lake53926901
Kane46512696
Winnebago26504412
Madison24822471
St. Clair22624433
McHenry21916251
Champaign15667104
Peoria15231250
Sangamon14658236
McLean13350168
Tazewell12087249
Rock Island12027304
Kankakee11593185
Kendall981981
LaSalle9595248
Macon8893182
Vermilion7634115
DeKalb756592
Adams7442123
Williamson6247117
Boone558778
Whiteside5317175
Clinton510786
Coles473982
Ogle465171
Knox4640146
Grundy444554
Effingham433470
Jackson424470
Henry404477
Marion4026113
Macoupin391396
Franklin388470
Randolph374970
Livingston369768
Monroe362871
Stephenson356777
Jefferson3493104
Morgan327492
Woodford327067
Logan311557
Montgomery310548
Lee307674
Bureau301984
Christian300775
Fayette293653
Perry273961
Iroquois260558
Fulton258149
Jersey225859
Lawrence219030
McDonough216451
Saline204254
Douglas202134
Union200432
Shelby199135
Crawford179434
Cass176631
Bond176224
Warren159144
Pike157148
Richland155345
Wayne152843
Hancock151134
Jo Daviess150524
Clark150133
Washington146925
Edgar146553
Carroll145133
Ford138851
Moultrie138728
White136330
Clay132240
Greene125743
Johnson122415
Wabash119314
Piatt118216
Mason118041
Mercer117830
De Witt116327
Cumberland110027
Jasper104715
Massac104732
Menard90210
Hamilton72017
Marshall68214
Schuyler63216
Pulaski6203
Brown61311
Stark49520
Edwards4709
Henderson45616
Calhoun4464
Scott3961
Alexander3957
Gallatin3924
Putnam3522
Hardin3078
Pope2533
Unassigned1060
Out of IL320

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 601937

Reported Deaths: 9593
CountyCasesDeaths
Marion831111322
Lake44972678
Allen32498545
Hamilton29039315
St. Joseph27133380
Elkhart24291343
Vanderburgh19160246
Tippecanoe17799130
Johnson14871292
Porter14631167
Hendricks14188247
Madison10851219
Vigo10636178
Clark10520137
Monroe9299110
Delaware9055134
LaPorte8972160
Howard8134142
Kosciusko800382
Warrick665197
Hancock6575103
Bartholomew637999
Floyd6322109
Wayne6076161
Grant5937113
Dubois552578
Boone544967
Morgan530594
Henry503464
Marshall499884
Cass478663
Dearborn470745
Noble468357
Jackson420747
Shelby410781
Lawrence387478
Clinton370642
Gibson365559
DeKalb344264
Montgomery340754
Harrison340544
Knox333139
Miami317344
Steuben311545
Whitley301725
Wabash299747
Adams299035
Ripley296545
Putnam292049
Huntington288659
Jasper287634
White270340
Daviess266073
Jefferson257938
Fayette245148
Decatur244883
Greene238162
Posey236927
Wells233350
LaGrange226361
Scott221838
Clay220932
Randolph212148
Jennings195836
Sullivan190833
Spencer188019
Fountain182127
Washington182022
Starke174443
Jay166322
Owen162837
Fulton162330
Orange156333
Carroll155415
Rush153318
Perry151227
Vermillion147334
Franklin146933
Tipton130932
Parke13018
Pike115626
Blackford110522
Pulaski96137
Newton90521
Brown86833
Benton85910
Crawford7839
Martin72313
Warren6757
Switzerland6455
Union6227
Ohio4787
Unassigned0375