The developers of WhatsApp Messenger (owned by Facebook) found a vulnerability in the system, by which hackers were able to install malicious program on users’ devices to track the location. The company told about it to the Financial Times.
The vulnerability was found in early May in Android and iOS versions of the WhatsApp app. To activate it, trespassers made a call to the victim's smartphone through the messenger. Regardless of whether the user answered this call, spyware was installed on a device. By this, the information about the call could not be saved in the history.
So far, WhatsApp has eliminated the vulnerability, and users are suggested to update the app on their devices. The investigation of the incident is under way – it is still unclear how many devices were hacked, but amid victims there are researchers from Amnesty International and an undisclosed British lawyer who specializes in the human rights protection.
As the FT source stated, the Israeli NSO Group company created the spyware that was installed on the devices. The main product of this software engineer is the Pegasus app, which enables collecting data about messages and user's dislocation. Initially, NSO Group transmitted this application to governments to fight criminals and terrorists. The company's representatives refuted the app involvement in the hacking incident with WhatsApp.
Human rights defenders have repeatedly put the blame on NSO Group for transmitting the developments to the repressive regimes in the Middle East, while the latter is using them to spy on civic activists. One of these days it was mentioned that activists would sue the Israeli Ministry of Defense with a demand to deprive the NSO of a license to export its products.