According to Financial times, a vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones.The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs.
As late as Sunday, as WhatsApp engineers raced to close the loophole, a UK-based human rights lawyer’s phone was targeted using the same method. WhatsApp, which is owned by Facebook, is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method, a person familiar with the issue said.
Spokespeople for NSO Group did not immediately respond to an email from the AP seeking comment. NSO says its products enable government intelligence and law enforcement agencies to investigate and prevent terrorism and crime.
The revelation adds to the questions over the reach of the Israeli company's powerful spyware, which can hijack mobile phones, control their cameras and effectively turn them into pocket-sized surveillance devices.
NSO's spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.
According to a New York Times report last year, the United Arab Emirates had asked NSO to hack into the phones of the Qatari emir and a Saudi prince among other political and regional rivals. The spyware was also implicated in the gruesome killing of journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year. His body could not be found.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are currently suing NSO in an Israeli court over the hacking.