1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

WhatsApp attacked by advanced spyware

May 14, 2019

A missed call on WhatsApp was enough to infect some of the app users' phones with advanced spying software, the messaging platform has said. The malicious program was reportedly developed by Israel's NSO group.

Facebook and WhatsApp icons
Image: picture-alliance/dpa/F. Hörhager

The messaging platform WhatsApp said it had patched a vulnerability that allowed spyware to be installed via a missed call. The company assumes only selected users were targeted by an "advanced cyber actor."

The scope of the problem was unknown, but the number of affected individuals was at least in the dozens, a spokesman for the company said late Monday. WhatsApp urged its users to download the latest update for the app in order to protect themselves from attacks.

Media outlets, including the Financial Times and TechCrunch, identified the spyware as the product of Israel's NSO group. The group is famous for its software dubbed "Pegasus" which can hack smartphones and activate their microphones and cameras, collect location information and send out emails and texts.

Read more: German police ready to hack WhatsApp messages

While WhatsApp did not immediately confirm NSO was linked with the attack, they also said they were "not refuting" any of the media coverage.

The messaging platform also said the attack bore "all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems."

WhatsApp attacked

All operating systems targeted

WhatsApp is a Facebook subsidiary with more than 1.5 billion users and boasting end-to-end transcription protecting its users' privacy. On Monday, the company said the malware was discovered in early May.

A spokesman for the firm said the flaw was detected while "our team was putting some additional security enhancements to our voice calls." Its engineers found that affected users "might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped."

The hack targeted all commonly used smartphone operating systems, including Apple's iOS, Google's Android, Microsoft's Windows Phone and Samsung's Tizen.

The company said they have provided information to US authorities to help with the investigation.

Read more: WhatsApp limits message forwarding to combat fake news spreading

Human rights lawyer attacked

Many journalists, dissidents, activists, and lawyers have reported attacks by NSO's spyware. One of the alleged targets was a close friend of the murdered Saudi journalist Jamal Khashoggi. The Canada-based dissident and several Mexican activists are suing the company in an Israeli court.

Amnesty International, an international human rights watchdog, claims one of its staffers was targeted with the Israeli-made spyware last year. Following the Monday announcement, Amnesty International said it would join the effort to force Israel's defense ministry to suspend NSO's export license.

A UK-based human rights lawyer told the AP news agency that he was targeted in the latest attack. The activist, who wanted to stay anonymous for professional reasons, said he had received several suspicious missed calls over the past months, the most recent one on Sunday.

According to the Financial Times, the Israeli-based NSO do not use their software themselves. Their tools are usually operated by state security agencies.

Black hats versus white hats

dj/rc (dpa, AP)

Every evening, DW sends out a selection of the day's news and features. Sign up here.