NSO said its technology was licensed to government agencies "for the sole objective of fighting crime and terror", adding that those agencies determine how the technology is used without any involvement from the company.
WhatsApp is a free mobile messaging app which uses mobile data or Wifi to send pictures, videos, voice notes, and texts. The Facebook-owned company - which touts its "simple, secure" messaging - said it discovered spyware had been installed remotely on "dozens" of smart phones through the app. It merely used a bug in the WhatsApp software as an infection vehicle. It can also record location data and activate a phone's microphone and camera. Government and private hackers are working feverishly on new methods to deploy malware with operating system-wide privileges.
NSO limits sales of its spyware, Pegasus, to state intelligence agencies.
WhatsApp said it took less than 10 days after discovering the flaw in early May to make the required changes to its infrastructure. One can, for example, encrypt messages on a non-networked device before sending them out through one's phone.
The spyware is so sophisticated it can infect a victim's phone by the attacker simply calling the victim's number using the app's call function.
A researcher at University of Toronto's Citizen Lab - an internet watchdog - called the hack "a very scary vulnerability". For iOS users, go to Settings and then click on "iTunes & App Stores".
In fact, it didn't even matter if the recipient answered the call or not. It was found that it erased details about incoming calls and also deleted associated logs to operate without notice.
WhatsApp did not name the private company responsible for the breach, however, it's believed that many WhatsApp users, including a London-based human rights lawyer, were impacted by the incident.
The company said they have provided information to U.S. authorities to help with the investigation.
"We are deeply concerned about the abuse of such capabilities", WhatsApp said in a statement. So if you see an update is available for WhatsApp, it is highly recommended that you install it on all of your devices.
It added that it does not operate the system itself and "under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies".
"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system", the company said. The NSO Group is a technology firm focused on cyber intelligence.
The revelation adds to the questions over the reach of the Israeli company's powerful spyware.
Many journalists, dissidents, activists, and lawyers have reported attacks by NSO's spyware.
The organisation is fighting for the NSO group to have its export license withdrawn by Israeli government. WhatsApp said the attack affected a "select number" of users through "an advanced cyber actor".
- Windstorm Gives High-Rise Window Washers a Harrowing Ride
- Madonna Defends Decision to Perform at Eurovision in Israel
- Jets fire GM Mike Maccagnan; coach Adam Gase acting GM
- Moonquakes are causing the moon to shrink over time
- Nebraska farmer saws off own leg with pocket knife, crawls for help
- DISTRESSING FOOTAGE: Elderly man dies after woman shoves him off bus
- Dauntless Coming to Consoles and Epic Games Store Next Week
- 6 missing after midair floatplane collision in Alaska
- Trump downplays US-China trade fight, says talks ongoing
- U.S. officer shoots and kills pregnant woman after trying to arrest her