HACKERS installed spy software on phones using a major WhatsApp flaw just by calling them, it was revealed last night.
Even if the call was not picked up, the software would be installed.
It gave hackers full access to phones remotely, allowing them to read messages, see contacts and switch on the camera.
The Facebook-owned messaging app is urging all its 1.5billion users to update their apps to protect themselves from further attacks.
It said the hacks targeted specific users and were carried out by “an advanced cyber actor” using software developed by Israeli cyber arms dealer NSO Group, according to the Financial Times.
The software was installed on targets’ devices using the WhatsApp voice calling function.
Even if the call was not picked up, the software would be installed and the call would even be deleted from the device’s call log.
WhatsApp’s security team spotted the flaw and rolled out a fix on Friday.
‘UPDATE’ WARNING
Only a “select number” of users were targeted although the exact number is not yet known, WhatsApp said.
Human rights groups, some security companies and the US Department of Justice were informed of the glitch earlier this month, WhatsApp told the BBC.
In a statement, the firm said: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
‘We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.’ The firm is said to have alerted officials at the US Department of Justice after discovering the vulnerability in early May. WhatsApp claims to have 1.5 billion users around the world and it released a software update on Monday.