STREAMING NOW: Watch Now

WhatsApp reveals major security flaw that could let hackers access phones

WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users' phones, with a London-based human rights lawyer poss...

Posted: May 14, 2019 9:01 AM

WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users' phones, with a London-based human rights lawyer possibly among the targets.

The encrypted messaging service, owned by Facebook, said Monday that it had discovered and fixed the vulnerability the attackers had sought to exploit. The hackers could implant malicious code on a victim's phone by placing a voice call to the victim on WhatsApp.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," a WhatsApp spokesperson said in a statement.

While WhatsApp did not name the private company, a source familiar with the investigation into the attack said that company is NSO Group, an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.

In a statement provided to CNN on Monday, NSO said, "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies."

NSO said its technology was licensed to government agencies "for the sole purpose of fighting crime and terror," adding that those agencies determine how the technology is used without any involvement from the company.

The Financial Times first reported details of the vulnerability.

Human rights activists targeted?

Among those believed to have been targeted via WhatsApp is a London-based human rights lawyer.

On Sunday, the lawyer received two calls that John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab believes were part of the attack. Citizen Lab is an academic security research group that investigates digital threats to civil society groups and online freedom of expression.

The apparent attempt to breach the lawyer's phone was not successful, Scott-Railton said, as WhatsApp had patched the vulnerability by Sunday.

WhatsApp had reached out to Citizen Lab and a number of other groups that work with human rights defenders before publicly acknowledging the attack.

The collaboration between WhatsApp and Citizen Lab helped identify the attempted attack on the London-based lawyer. The lawyer does not want to be named, Scott-Railton told CNN.

Responding specifically to the apparent targeting of the lawyer, NSO Group said in a statement, "NSO would not or could not use its technology in its own right to target any person or organization, including this individual."

Amnesty International filed a petition at the district court of Tel Aviv on Tuesday demanding Israel withdraw NSO's export license, Amnesty's lawyer told CNN Business.

The group claims that NSO software "threatens the rights to privacy and to freedom of opinion and expression, in breach of Israel's obligations under international human rights law."

It said one of its researchers had been targeted via a WhatsApp message containing NSO's spying software in 2018 while working on a campaign to release six women's rights activists detained in Saudi Arabia.

How to update your WhatsApp

WhatsApp said while it has fixed the vulnerability the attackers were exploiting, it is also encouraging users to update to the latest version of the WhatsApp app "out of an abundance of caution." The company said it has also contacted US law enforcement.

Ireland's Data Protection Commission, which supervises Facebook's activities in Europe, said it had been informed of the vulnerability on Monday, adding it was unclear at this stage whether any EU user data had been affected.

Still, it too urged users to ensure the update WhatsApp on their devices.

Here's how:

On an iPhone

-- Open the App Store and select updates.

-- Select "WhatsApp" and Update.

On an Android device

-- Open the Play Store and tap on the 3 lines in the upper left corner.

-- Select "My apps & games" from the menu.

-- Select "WhatsApp" and select Update.

Terre Haute
Clear
87° wxIcon
Hi: 92° Lo: 66°
Feels Like: 93°
Robinson
Scattered Clouds
85° wxIcon
Hi: 90° Lo: 65°
Feels Like: 93°
Indianapolis
Few Clouds
86° wxIcon
Hi: 90° Lo: 69°
Feels Like: 88°
Rockville
Clear
82° wxIcon
Hi: 90° Lo: 66°
Feels Like: 85°
Casey
Clear
86° wxIcon
Hi: 89° Lo: 67°
Feels Like: 92°
Brazil
Clear
87° wxIcon
Hi: 91° Lo: 66°
Feels Like: 93°
Marshall
Clear
87° wxIcon
Hi: 90° Lo: 66°
Feels Like: 93°
July Heat Continues
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 144013

Reported Deaths: 6951
CountyConfirmedDeaths
Cook909114581
Lake9752418
DuPage9083472
Kane7733271
Will6744320
Winnebago304695
McHenry206197
St. Clair1906136
Kankakee128565
Kendall96320
Madison94769
Rock Island94729
Champaign88012
Boone59521
DeKalb55818
Peoria49928
Sangamon43132
Jackson33219
Randolph2877
Stephenson2745
McLean26113
Ogle2614
Clinton23717
Macon23122
LaSalle21917
Union19119
Whiteside19115
Coles17017
Grundy1674
Iroquois1575
Warren1380
Tazewell1378
Knox1320
Cass1302
Morgan1283
Monroe12713
Williamson1204
Jefferson10717
McDonough10115
Lee972
Adams931
Henry881
Pulaski760
Marion660
Vermilion662
Perry541
Douglas520
Macoupin523
Unassigned500
Jasper467
Livingston452
Jo Daviess441
Montgomery441
Christian434
Jersey351
Ford331
Woodford332
Bureau292
Menard250
Fayette233
Alexander220
Franklin220
Mason220
Wabash220
Carroll212
Johnson200
Mercer200
Piatt200
Washington200
Hancock191
Crawford180
Moultrie180
Shelby181
Fulton150
Logan150
Clark140
Wayne141
Bond131
Massac130
Schuyler130
Cumberland120
Effingham121
Brown100
Edgar100
Greene90
Saline90
Henderson80
Marshall80
Lawrence70
De Witt60
Hamilton50
White50
Richland40
Stark30
Clay20
Edwards20
Gallatin20
Pike20
Calhoun10
Hardin10
Out of IL10
Pope10
Putnam10
Scott00

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 45952

Reported Deaths: 2650
CountyConfirmedDeaths
Marion11387679
Lake4872240
Elkhart308543
Allen2677114
St. Joseph184965
Cass16369
Hamilton1484100
Hendricks136699
Johnson1235118
Porter68537
Madison64363
Tippecanoe6408
Clark62244
Bartholomew57844
Howard54356
LaPorte53925
Kosciusko4952
LaGrange4596
Jackson4553
Noble44728
Vanderburgh4306
Hancock42935
Delaware42648
Boone42242
Shelby41625
Marshall4123
Floyd36344
Morgan32031
Montgomery28720
Grant28526
Clinton2792
Dubois2606
White25810
Monroe25628
Decatur24632
Henry23515
Lawrence23124
Vigo2248
Harrison20822
Dearborn20422
Warrick20129
Greene18431
Miami1802
Jennings16911
Putnam1658
DeKalb1594
Scott1547
Daviess13916
Orange13323
Wayne1286
Franklin1248
Steuben1232
Perry1209
Ripley1127
Carroll1092
Jasper1092
Wabash1072
Fayette967
Newton9510
Whitley814
Randolph764
Starke733
Huntington702
Wells681
Jay670
Fulton661
Jefferson651
Washington641
Pulaski631
Knox620
Clay594
Rush573
Benton480
Adams451
Owen451
Gibson442
Sullivan441
Brown381
Blackford372
Posey350
Spencer311
Tipton301
Crawford290
Fountain292
Switzerland250
Martin220
Parke220
Ohio140
Warren141
Union130
Vermillion130
Pike80
Unassigned0194