In Brief

WhatsApp reveals attack by ‘advanced cyber actor’

Reports say service was targeted by an Israeli security firm

WhatsApp has suffered a “targeted” surveillance attack on its messaging service.

The messaging app, which is owned by Facebook and used by 1.5bn people worldwide, said the attack targeted a “select number” of users, and was carried out by “an advanced cyber actor”. It is an embarrassing development for the service’s owner, which has faced mounting criticism over privacy concerns.

According to reports, the attack was carried out by Israeli security firm NSO Group. Attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function. 

The Guardian speculates on who might have been targeted, stating that the messaging app “uses end-to-end encryption, making it popular and secure for activists and dissidents”, while Sky News adds that the attack has “the hallmarks of a private company that works with governments to deliver spyware”.

Facebook previously announced plans “to merge WhatsApp, Facebook and Instagram's software architecture, raising the question as to whether an insecurity in one platform will lead to holes across all three products”, The Daily Telegraph says.

WhatsApp says its engineers had worked around the clock in San Francisco and London to respond to the vulnerability. The company says it began rolling out a fix to its servers on and issued a patch for customers yesterday. It urges all users to update their apps as an added precaution.

The NSO Group is an Israeli company that the BBC says is described as a “cyber arms dealer”. Its Pegasus software can collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

Human rights campaigners in the Middle East have previously received text messages over WhatsApp that contained links that would download Pegasus to their phones.

Amnesty International says it has been targeted by tools created by the NSO Group in the past and has long feared an escalation in this activity. 

“They're able to infect your phone without you actually taking an action,” said Danna Ingleton, deputy programme director for Amnesty Tech. “There needs to be some accountability for this, it can't just continue to be a wild west, secretive industry.”

However, NSO said in a statement: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation."

Recommended

Man splattered as plane drops ‘fluidy’ excrement
A plane
Tall Tales

Man splattered as plane drops ‘fluidy’ excrement

‘Boris’s trillion pound green gamble’
Today's newspaper front pages
Today’s newspapers

‘Boris’s trillion pound green gamble’

Man has phone in his stomach for six months
A mobile phone
Tall Tales

Man has phone in his stomach for six months

Award-winning female author is three men
A hand typing on a keyboard
Tall Tales

Award-winning female author is three men

Popular articles

The tally of Covid-19 vaccine deaths examined
Boy receiving Covid vaccine
Getting to grips with . . .

The tally of Covid-19 vaccine deaths examined

Insulate Britain: what do they want?
Insulate Britain protesters
Profile

Insulate Britain: what do they want?

What is blackfishing?
Shot of Jesy Nelson with her hair in braids
In Depth

What is blackfishing?

The Week Footer Banner