WhatsApp reveals major security flaw that could let hackers access phones

WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users' phones, with a London-based human rights lawyer poss...

Posted: May 14, 2019 8:01 AM

WhatsApp has revealed a vulnerability in its system that could have allowed hackers access to its users' phones, with a London-based human rights lawyer possibly among the targets.

The encrypted messaging service, owned by Facebook, said Monday that it had discovered and fixed the vulnerability the attackers had sought to exploit. The hackers could implant malicious code on a victim's phone by placing a voice call to the victim on WhatsApp.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," a WhatsApp spokesperson said in a statement.

While WhatsApp did not name the private company, a source familiar with the investigation into the attack said that company is NSO Group, an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.

In a statement provided to CNN on Monday, NSO said, "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies."

NSO said its technology was licensed to government agencies "for the sole purpose of fighting crime and terror," adding that those agencies determine how the technology is used without any involvement from the company.

The Financial Times first reported details of the vulnerability.

Human rights activists targeted?

Among those believed to have been targeted via WhatsApp is a London-based human rights lawyer.

On Sunday, the lawyer received two calls that John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab believes were part of the attack. Citizen Lab is an academic security research group that investigates digital threats to civil society groups and online freedom of expression.

The apparent attempt to breach the lawyer's phone was not successful, Scott-Railton said, as WhatsApp had patched the vulnerability by Sunday.

WhatsApp had reached out to Citizen Lab and a number of other groups that work with human rights defenders before publicly acknowledging the attack.

The collaboration between WhatsApp and Citizen Lab helped identify the attempted attack on the London-based lawyer. The lawyer does not want to be named, Scott-Railton told CNN.

Responding specifically to the apparent targeting of the lawyer, NSO Group said in a statement, "NSO would not or could not use its technology in its own right to target any person or organization, including this individual."

Amnesty International filed a petition at the district court of Tel Aviv on Tuesday demanding Israel withdraw NSO's export license, Amnesty's lawyer told CNN Business.

The group claims that NSO software "threatens the rights to privacy and to freedom of opinion and expression, in breach of Israel's obligations under international human rights law."

It said one of its researchers had been targeted via a WhatsApp message containing NSO's spying software in 2018 while working on a campaign to release six women's rights activists detained in Saudi Arabia.

How to update your WhatsApp

WhatsApp said while it has fixed the vulnerability the attackers were exploiting, it is also encouraging users to update to the latest version of the WhatsApp app "out of an abundance of caution." The company said it has also contacted US law enforcement.

Ireland's Data Protection Commission, which supervises Facebook's activities in Europe, said it had been informed of the vulnerability on Monday, adding it was unclear at this stage whether any EU user data had been affected.

Still, it too urged users to ensure the update WhatsApp on their devices.

Here's how:

On an iPhone

-- Open the App Store and select updates.

-- Select "WhatsApp" and Update.

On an Android device

-- Open the Play Store and tap on the 3 lines in the upper left corner.

-- Select "My apps & games" from the menu.

-- Select "WhatsApp" and select Update.

Mississippi Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 61125

Reported Deaths: 1711
CountyConfirmedDeaths
Hinds5209106
DeSoto328027
Madison228154
Rankin212428
Harrison209832
Jackson192934
Jones176557
Forrest163153
Washington148032
Lauderdale132388
Lee123230
Neshoba119487
Lamar111512
Oktibbeha105235
Lowndes97332
Warren96426
Scott95317
Bolivar93932
Copiah90924
Panola90711
Sunflower90622
Lafayette8699
Holmes84347
Leflore83259
Pike82632
Grenada81220
Yazoo77311
Leake76725
Lincoln74339
Wayne73221
Pontotoc7247
Simpson71126
Monroe69750
Coahoma65910
Tate64523
Marion59918
Adams58025
Covington57811
Winston57115
Marshall5668
George5415
Union51913
Newton51611
Attala49524
Tallahatchie49310
Pearl River48236
Walthall44218
Chickasaw43519
Noxubee41710
Claiborne40013
Smith37713
Jasper3758
Calhoun3748
Clay36814
Alcorn3544
Prentiss3376
Hancock32614
Tishomingo3163
Yalobusha31610
Lawrence3135
Itawamba30710
Tippah30412
Clarke29825
Montgomery2913
Humphreys26911
Tunica2656
Carroll24511
Greene22611
Kemper22315
Perry2217
Quitman2211
Amite2105
Jefferson Davis1986
Webster19712
Jefferson1916
Wilkinson18712
Sharkey1801
Stone1483
Choctaw1264
Benton1240
Franklin1142
Issaquena211
Unassigned00

Alabama Coronavirus Cases

Confirmed Cases: 89927

Reported Deaths: 1580
CountyConfirmedDeaths
Jefferson11650225
Mobile8998191
Montgomery6198143
Madison493225
Tuscaloosa391263
Baldwin317522
Shelby300232
Marshall294730
Unassigned263351
Lee249140
Morgan220615
Etowah191425
DeKalb167713
Elmore158437
Calhoun15359
Walker145763
Houston130912
Dallas128023
Russell12201
Franklin118420
Limestone118313
St. Clair118212
Cullman111311
Colbert107612
Lauderdale105312
Autauga101020
Escambia96515
Talladega89013
Jackson8163
Chambers81438
Tallapoosa80478
Dale77619
Butler75135
Blount7223
Covington70420
Coffee7035
Chilton6976
Pike6547
Barbour5625
Lowndes54624
Marion53524
Marengo51514
Clarke4849
Hale44925
Bullock43711
Perry4284
Winston42811
Wilcox4029
Monroe3884
Randolph38810
Conecuh37110
Bibb3643
Pickens3639
Sumter36118
Washington31011
Macon30813
Lawrence3060
Crenshaw2843
Choctaw27312
Henry2433
Greene24011
Cherokee2337
Geneva2260
Clay2165
Lamar1942
Fayette1695
Cleburne1141
Coosa902
Out of AL00
Tupelo
Overcast
77° wxIcon
Hi: 91° Lo: 70°
Feels Like: 79°
Columbus
Clear
86° wxIcon
Hi: 90° Lo: 68°
Feels Like: 91°
Oxford
Few Clouds
77° wxIcon
Hi: 87° Lo: 65°
Feels Like: 78°
Starkville
Clear
82° wxIcon
Hi: 90° Lo: 66°
Feels Like: 85°
WTVA Radar
WTVA Temperatures
WTVA Severe Weather