WhatsApp: Software takes advantage of a loophole to spy on you

A major flaw in the WhatsApp application gives full access to the contents of a smartphone through a simple phone call. Some 1.5 billion users are affected. The vulnerability was corrected on Monday.

A major flaw has been discovered in the mobile application of WhatsApp, the end-to-end encrypted instant messenger. A simple incoming call in the messenger is enough to give full access to the smartphone.

This vulnerability affects all 1.5 billion users of the application, which belongs to Facebook. Such a flaw would be worth a million dollars, according to Zerodium, a security company that buys flaws on all platforms.

The publisher discovered in early May that a group had managed to install a surveillance program on its users' smartphones, both iPhones and Android devices.

To carry out the attack, it was enough for them to call the victim via WhatsApp. The victim does not even have to answer: the phone ringing is enough to trigger the flaw. The group was able to discreetly install spyware, which removes all traces of the call from the call history to stay hidden.

Software publisher NSO singled out

The Financial Times has identified the software publisher as the Israeli firm NSO, known for selling spyware to intelligence services in Western countries and the Middle East.

Its flagship product, Pegasus, can collect all the information on a smartphone, including e-mails, SMS, and photos, and it can also turn on the camera and microphone to monitor the victim without their knowledge.

This program has already been used in attacks against WhatsApp users, but at the time the victims, mainly human rights activists in the Middle East, received misleading messages urging them to download Pegasus via a link.

An update already published

At present, WhatsApp has not given an estimate of the number of victims. A representative of the firm confirmed that “a certain number of users were targeted through this fault by a player with advanced technologies. The attack has all the features of a private company that would work with governments to deliver spyware that takes control of mobile operating systems.”

WhatsApp said it intervened on its servers Friday to prevent these attacks and issued an update on Monday to correct the flaw. Users are strongly encouraged to check that the application is up to date.