WhatsApp confirms cyber surveillance attack

A vulnerability in the messaging app has allowed hackers to install surveillance software on phones and other devices.

In early May, it was discovered by WhatsApp’s security team, that attackers were able to install surveillance software on both iPhones and Android phones by ringing a target’s device. Even if the call was not picked up, the malicious software could immediately be installed, and often the call disappeared from the call logs.

The attack was developed by the Israeli company NSO Group. WhatsApp disclosed that the attack targeted a “select number” of users. Although it is too early in the investigations to state a definite number on how many phones were targeted.

NSO’s flagship product is Pegasus, a program that has the ability to collect intimate and sensitive data from a target device, including obtaining data through the microphone and camera, and collecting location data.

Danna Ingleton, deputy programme director for Amnesty Tech said:

“They’re able to infect your phone without you actually taking an action.”

WhatsApp disclosed the attack to the US Department of Justice last week, and began rolling out a fix to its servers on Friday last week, and on Monday customers were issued a patch.

WhatsApp said:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”

NSO responded:

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”

“NSO would not, or could not, use its technology in its own right to target any person or organisation.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.