Whatthehas revealed a vulnerability in its system that could have allowed hackers access to its users’ phones, with a London-based human rights lawyer possibly among the targets.
The encrypted messaging service, owned by Facebook (FB), said Monday that it had discovered and fixed the vulnerability the attackers had sought to exploit. The hackers could implant malicious code on a victim’s phone by placing a voice call to the victim on WhatsApp.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” a WhatsApp spokesperson said in a statement.
While WhatsApp did not name the private company, a source familiar with the investigation into the attack said that company is NSO Group, an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.
In a statement provided to CNN on Monday, NSO said, “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”
NSO said its technology was licensed to government agencies “for the sole purpose of fighting crime and terror,” adding that those agencies determine how the technology is used without any involvement from the company.
The Financial Times first reported details of the vulnerability.