With so much attention focused recently on constant consumer spying and privacy violations, erroneous or otherwise, by Amazon, Facebook and now Twitter, it is easy to forget that virtually other communication apps have the same purpose, and that's what one secretive Israeli company relied on when they used a vulnerability in the popular messaging app WhatsApp (owned by Facebook) to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said. What is unique is how the app was infected: with a simple phone call.
According to the FT, WhatsApp which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app's phone call function. The malicious code, developed by the secretive NSO Group, a notorious and controversial Israeli hacking and surveillance tools vendor, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs.
It is unclear how many apps were infected with the spyware trojan, which could for example, allow anyone to get access to John Podesta's email password (and then blame say, Vladimir Putin for example) as WhatsApp is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method, although it is likely a substantial number. As late as Sunday, the FT reports that WhatsApp engineers were racing to close the loophole.