WhatsApp Compromised by Hack That Transfers Spyware by Missed Calls
The popular messaging platform, WhatsApp, has been compromised by a hack from an Israeli cyber-intelligence firm that could leave a user’s phone vulnerable to spyware passed via the app’s calling function, reports the Financial Times.
The spyware — a type of code that ‘infects’ a device’s operating system and covertly transfers data from it — can be transferred simply by making a WhatsApp call, even if the recipient does not answer the call, and can erase WhatsApp call logs, according to FT.
WhatsApp told FT it discovered the vulnerability earlier this month; on Monday, the app issued an update it says will resolve the issue, and has been urging users to download the update as a preventative measure.
Related on The Swaddle:
Still, the hack is a blow to WhatsApp, whose selling point is privacy, with its end-to-end encryption, and who has reportedly resisted government pressure to build a ‘back door’ into users’ data. It also suggests such back doors (a longtime battleground between tech giants, government regulators, and government intelligence agencies) are no longer necessary — unless, of course, the hack didn’t take advantage of one and WhatsApp’s resistance isn’t just for show; cyberintelligence is something of a Wild Wild West at the moment. Earlier this month, the New York Times reported that Chinese cyberintelligence efforts acquired U.S. intelligence hacking tools in 2016, turning the tables during an attempted U.S. hack, and have been using the tools since.
WhatsApp’s vulnerability to transmitting spyware was discovered during an attempted hack of the phone of a U.K.-based attorney who is currently involved in a lawsuit against NSO Group, the cyber-intelligence firm to which the spyware has been traced. NSO Group has been at the center of controversy for the past year, as its sypware products are known to have been used by repressive governments targeting human rights activists, political dissidents and journalists.
The incident also highlights how behind-the-times government regulators are when it comes to figuring out how to secure users’ data. While many are calling for tech giants like Facebook (which owns WhatsApp) to be broken into smaller pieces in order to curb their power, and celebrating the U.S. Supreme Court’s recent ruling to allow an anti-trust suit against Apple to move forward, this episode makes clear that smaller tech does not necessarily mean safer tech for the average user.