A vulnerability in the WhatsApp messaging app let attackers install Israeli spyware onto iPhones and Android phones through its call function, The Financial Times reports. A source told the newspaper that WhatsApp was working to fix the loophole as late as Sunday, and said it was s too early in the company’s investigation to determine how many were affected. A fix for the vulnerability was released by the app on Monday, and the company reportedly notified the Justice Department of the attack last week. “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” the company said.
The software involved was reportedly developed by Israeli company NSO Group, whose flagship product can turn on a “phone’s microphone and camera, trawl through emails and messages and collect location data.” In a statement, NSO Group said its technology was “solely operated by intelligence and law enforcement agencies” and it would not target any individuals or groups in its own right. Researchers previously concluded that NSO Group software was used to spy on Washington Post columnist Jamal Khashoggi’s phone.