The vulnerability was fixed on Friday, but it’s a blow to a company that prides itself on providing secure communications to its 1.5 billion users, using end-to-end encryption.
The details: The security hole let an attacker read messages on the target’s device. It used WhatsApp’s voice calling feature to call someone and then install surveillance software, even if the call was not picked up. The call would often disappear from the device’s call log. It was discovered earlier this month by WhatsApp’s own security team. It targeted specific users and was developed by Israeli security company NSO Group, according to the Financial Times.
Who’s behind it? Its development is likely to have been directed by a government, and the suspected attacks were targeted to specific individuals, WhatsApp said. It didn’t name any of them.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.