The Financial Times has reported that the attack was developed by Israeli security firm NSO Group. It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call went unanswered, the surveillance software would be installed and, according to the FT report, would often disappear from the call list.

WhatsApp – which is owned by Facebook – told the BBC that the attack was detected by its security team. They then shared the information with human rights groups, security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a briefing document note. They also said that it was too early to know how many users had been targeted.

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.

But NSO Group responded to report, saying: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual.”

Just for peace of mind, it might be a good idea to make that quick update.

Image: Getty

WhatsApp urges you to update the app following a cyber-attack, but what’s actually happened?