Nice Security You Got There Facebook
If you happen to be a Whatsapp user, you should stop chatting for a moment and update your client as there is a new attack which bears a remarkable resemblance to the Pegasus spyware detected late last year. Without Friday’s patch the voice call function on the app can be used to install spyware on your device, even if you don’t pick up that mysterious call. As The Inquirer points out, this is a bit of a blow to an app advertised as “safe, secure, end-to-end encrypted messaging“. If the spyware is installed on your device, it allows whomever distributed it to read encrypted chats, eavesdrop on your calls, photos, and contacts, as well as being able to turn your microphone and camera on without your knowledge.
It is possible the fairly quick patching of this vulnerability indicates Facebook’s merging of Facebook Messenger, Instagram and WhatsApp is not all bad, as they are favourite targets for those seeking to target people for identity theft, blackmail and all sorts of wonderful pastimes.
There's a very good chance that this was a State sanctioned hack, though which state isn't clear. However, the FT reports that the spyware was developed by Israel's NSO Group, whose Pegasus malware was previously used to target Amnesty International.