A WhatsApp vulnerability has been preyed upon by spyware developed by an Israeli cyber intelligence company.
The Financial Times reports that WhatsApp discovered the vulnerability in early May and was targeted by the company in question, NSO Group, on May 12, when they attempted to attack a UK-based attorney's phone with their Pegasus spyware. The attorney in question is involved in a lawsuit against NSO Group.
Pegasus attacks via the WhatsApp phone call function. Once infected, the spyware has the ability to turn on a phone’s camera and microphone, collect messages, emails and location data. Devices can be infected even if the recipient doesn't answer the call.
NSO has stated that it only sells Pegasus to law enforcement agencies and governments as a means to terrorism and crime. The company denies any involvement in the WhatsApp case.
"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. (We) would not, or could not, use its technology in its own right to target any person or organization, including this individual," NSO told the Financial Times.
WhatsApp said the attack "has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems."
WhatsApp is unable to estimate the number of phones affected by the exploit - it has 1.5 billion users - and issued an updated version of the app on May 12.
