Facebook's WhatsApp messenger caught (but later fixed) a major vulnerability. Using a simple audio call, hackers have learned to download spyware to user devices, thereby hacking WhatsApp to their advantage. Interestingly, the smartphone could get infected with the spyware even if the subscriber did not answer the audio call.
An error detected by WhatsApp made it possible to remotely download malware to other people's devices. A spyware virus called Pegasus is owned by the NSO Group. The messenger's vulnerability is associated with making ordinary audio calls - to download the virus, an attacker only needs to make a call using WhatsApp. At the same time, the user does not have to answer the call - the main thing is that the call simply goes to the smartphone. Then the data about him may not even be saved in the journal, so the owner of the device may not even suspect that his gadget was attacked. A similar scheme was used on Android smartphones and iOS devices.
The messenger team has confirmed that the discovered WhatsApp vulnerability and the Pegasus download cases did occur. The messenger error was fixed, although WhatsApp representatives strongly recommend updating the application to the latest version. The number of hacks recorded is unknown, but the WhatsApp team believes that there are few of them due to the time-consuming installation process. Globally, there are about 1.5 billion WhatsApp users, while an application bug that made holes in user devices lasted for several weeks.
The Pegasus program is mainly used at the government level to obtain information about citizens or in the event of a terrorist threat. Such software can activate the camera and microphone on the device, receive geolocation data, read correspondence and messages. Pegasus was previously used by cybercriminals through the WhatsApp platform, but at that time users only received text messages with a malicious link to install the program.
The messenger team shifts the focus to the NSO Group, claiming that it is this company that sells the software that provoked a possible hacking of WhatsApp and allowed them to gain control over someone else's smartphone. In turn, representatives of the NSO Group announced the start of an investigation into the use of a branded product Pegasus through a messenger error.
At the same time, the company added that it does not use this program on its own, always thoroughly tests the buyers of its software and has no direct relation to those who use Pegasus for criminal purposes.
The Topic of Article: WhatsApp fixed a bug that allowed malware to be downloaded to a smartphone.