According to the Financial Times, a loophole in the WhatsApp software allowed NSO Group’s ‘Pegasus’ spyware to inject spyware into a targets phone by calling their WhatsApp numbers – whether they picked up or not.
WhatsApp user Drew Camilleri uses the app for group chats between friends, but he isn’t concerned about his app being hacked.
“I am vigilant to make sure I have the smallest chance of it happening to me,” he said.
Mr Camilleri said he ensures phone operating system and his apps are updated.
It’s reported WhatsApp knew about the breach in early May but only released a patch on Monday.
University of Wollongong senior lecturer and member of the Institute of Cybersecurity and Cryptology (iC2) Joonsang Baek said while 1.5 billion people were exposed to the cyber threat, it seemed the hack had targeted human rights groups and journalists.
“The software [Pegasus] is known to target high-profile individuals or activist groups,” Mr Baek said.
Amnesty International and 50 other organisations have supported a legal action that has been filed in Israel that would revoke the export licences of the NGO Group. This would mean the software could not be sold.
“The Israeli MoD [Ministry of Defence] has ignored mounting evidence linking NSO Group to attacks on human rights defenders, which is why we are supporting this case,” Amnesty Tech deputy director Danna Ingleton said.
A UK lawyer alleged an attempt was made to hack his phone and claimed it was an effort to find details of his human rights work, according to The Guardian.
Mr Baek said the real concern is the possible attacks on the general public, through leaks of the software onto third parties.
“To me, the real problem is that the source codes of those sophisticated malware programs can be stolen or leaked to a group of people who have malicious intention to attack the public. A notorious example of such incidence is the WannaCry ransomware, which propagated through utilising the NSA’s leaked exploit called “EnternalBlue”,” Mr Baek said.
Feature image: via Pexels.