A security flaw in WhatsApp, one of the most popular messaging apps in the world, allowed sophisticated attackers to install spyware on phones, the company said on Tuesday, in the latest trouble for its parent Facebook.
The vulnerability — first reported by the Financial Times, and fixed in the latest WhatsApp update — allowed hackers to insert malicious software on phones by calling the target using the app, which is used by 1.5 billion people around the world.
The FT cited a spyware dealer as saying the tool was developed by a shadowy Israel-based firm called the NSO Group, which has been accused of helping governments from the Middle East to Mexico snoop on activists and journalists. Security researchers said the malicious code bore similarities to other tech developed by the firm, according to The New York Times.
The latest exploit — which impacts Android devices and Apple’s iPhones, among others — was discovered earlier this month and WhatsApp scrambled to fix it, rolling out an update in less than 10 days.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a spokesperson said in a statement to AFP.
The firm did not comment on the number of users affected or who targeted them, and said it had reported the matter to US authorities.
The breach is the latest in a series of issues troubling WhatsApp’s parent Facebook, which has faced intense criticism for allowing its users’ data to be harvested by research companies and over its slow response to Russia using the platform as a means to spread disinformation during the 2016 US election campaign.
Highly invasive software
The WhatsApp spyware is sophisticated and “would be available to only advanced and highly motivated actors”, the company said, adding that a “select number of users were targeted”.
“This attack has all the hallmarks of a private company that works with a number of governments around the world” according to initial investigations, it added, but did not name the firm.
WhatsApp has briefed human rights organizations on the matter, but did not identify them.
The Citizen Lab, a research group at the University of Toronto, said in a tweet it believed an attacker tried to target a human rights lawyer as recently as Sunday using this flaw, but was blocked by WhatsApp.
The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates. Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target’s phone camera and microphone, and access data on it.
The firm said Tuesday that it only licenses its software to governments for “fighting crime and terror”.
The NSO Group “does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions”, it said in a statement to AFP.
“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.”
We don’t spy on users – Instagram chief
Instagram doesn’t snoop on private conversations as part of its advertising targeting strategy, the head of the popular social media site said in an interview Tuesday.
“We don’t look at your messages, we don’t listen in on your microphone; doing so would be super problematic for a lot of different reasons,” Instagram chief Adam Mosseri said in an interview with CBS.
“But I recognize you’re not going to really believe me.”
During the interview, Mosseri acknowledged that he is grilled regularly by Instagram users who insist they receive ads from restaurants, stores and other companies after only conducting a private conversation about an item and not posting to the broader site.
Like its parent company Facebook, Instagram — a social media site for posting photographs — offers a private messaging system, as well as a platform to post items to followers.
The issue of user privacy has been one of the many controversies dogging Facebook in the wake of revelations that defunct political consultancy Cambridge Analytica used private data from tens of millions of Facebook users for political targeting.
Mosseri said there were two ways that users may have this experience, “dumb luck” and if users are talking about a consumer good more generally.
“You saw a restaurant on Facebook or Instagram and you really like the thing. It’s top of mind, maybe it’s subconscious and then it bubbles up later,” Mosseri said. “I think this kind of thing happens often in a way that’s really subtle.”
Mosseri was also probed on the company’s policy on videos of famous people that are altered and can go viral.
Recent cases include one of House Speaker Nancy Pelosi that was slowed down to make her appear drunk or impaired, and a “deepfake” video of Mark Zuckerberg altered to show the Facebook chief bragging about controlling billions of people’s “stolen” personal data.
Mosseri said Instagram is working on a policy for deepfakes.
“We are not going to make a one-off decision to take a piece of video down just because it’s of Mark and Mark happens to run this place,” he said. “That would be really inappropriate and irresponsible.”
He said any policy would be based on “defined principles” and would be “transparent.”
The first order of business is to locate doctored content more quickly, he said.
“Once we can do that, then we can have the next debate about whether or not to take it down when we find it,” Mosseri said.
Facebook suspends pre-installation of WhatsApp, Instagram apps on Huawei phones
Facebook Inc. said on Friday it would no longer allow pre-installation of its WhatsApp, Instagram and other apps on new Huawei phones.
Facebook told Reuters in San Francisco that customers who already had Huawei phones would still be able to use its apps and receive updates.
“But new Huawei phones will no longer be able to have Facebook, WhatsApp and Instagram apps pre-installed,” Facebook Inc said.
Smartphone vendors often enter business deals to pre-install popular apps such as Facebook, including Twitter and Booking.com also come pre-installed on Huawei phones in many markets.
Twitter Inc declined to comment and Booking Holdings did not respond to a request on the matter.
The latest blow is a hurdle for the Chinese tech giant as it struggles to keep its business afloat in the face of a US ban on its purchase of American parts and software.
The move by Facebook dampens the sales outlook for Huawei Technologies Co Ltd, whose smartphone business became its biggest revenue generator last year, powered by strong growth in Europe and Asia.
Huawei declined to comment on the issue.
Alphabet Inc’s Google said earlier that it would no longer provide Android software for Huawei phones after a 90-day reprieve granted by the US government expires in August.
But Google’s Play store and all Google apps will still be available for current models of Huawei phones, including those which have not yet shipped or even been built.
The Facebook ban, by contrast, applies to any Huawei phone that has not yet left the factory, according to a person familiar with the matter.
Facebook declined to comment on when the suspension took place.
In May, Washington banned US companies from supplying technology to Huawei, part of a long-running campaign against the company.
The US alleges that Huawei is too close to the Chinese government and that its telecom network gear and other products could be a conduit for espionage, which Huawei denies.
Buyers of current Huawei phone models that do not have Facebook pre-installed would still be able to download it from the Google Playstore.
Future versions of Huawei phones, however, will not have access to the Google Playstore and its apps unless the US government changes course.
Huawei has said it was prepared for the US action and vowed to work around any disruptions.
But some customers at stores in Europe and Asia have told Reuters that they are reluctant to buy Huawei phones in the face of uncertainties, and analysts expect a dramatic drop in Huawei smartphone sales.
Researcher’s Experiments With Monkey Offer Clues On Origin Of Language
Green and vervet monkeys live on either side of Africa and their evolutionary paths diverged 3.5 million years ago, and yet the two species share a hard-wired vocabulary when faced with danger, clever experiments have shown.
The new research, published on Monday, sheds light not only on how primates — including humans — respond to threats but also on the building blocks of language itself.
Vervet monkeys in the savannah of East Africa utter three distinct cries depending on whether they spot a leopard, a snake or an eagle, their three main predators.
Fellow monkeys who hear the cries but cannot see the peril react accordingly: the leopard call sends them scurring up a tree, a snake call prompts them to stand motionless on two legs, and the eagle cry makes them scan the sky while seeking shelter.
It’s as if a sentinel is shouting, “Freeze, it’s a snake!”, or “Get off the ground, it’s a leopard!”
The discovery thirty years ago of these unique warning cries sparked debate as to whether they were like primitive words, noted Julia Fisher, head of the cognitive ethology laboratory at the German Primate Center in Gottingen, Germany and senior author of a study in Nature Ecology & Evolution.
It also raised the question of where they came from. Did young vervets learn them through imitation, were the cries genetically imprinted?
To deepen their understanding, Fisher and colleagues set up an experiment with a community of green monkeys in Senegal which they have been observing for more than a decade.
Like their distant cousins across the continent, green monkeys also emit specific danger calls for big cats and snakes, and react accordingly.
But because the raptors in their neighbourhood pose no threat, anything like the vervet “eagle call” is simply not in their repertoire.
Even when the scientists tried to scare the green monkey with dummy birds, it didn’t work.
“Any attempt to get them to vocalise in response to model eagles failed utterly,” said Fisher.
But then she had an idea.
“We decided to bring in a drone and fly it over the green monkeys, to expose them to something potentially dangerous in the air that they had never seen before,” she explained.
The drone flew at an altitude of about 60 metres (200 feet) over the unsuspecting animals.
Once the monkeys spotted it, the response was immediate: they gave alarm calls and scurried for cover.
Not only was the cry different from the response to leopards or snakes, it was “strikingly similar” to the eagle alarms of East African vervets.
“Despite 3.5 million years of evolutionary divergence, the call structure stayed essentially the same,” Fisher noted.
In the vocabulary of evolutionary biologists, in other words, the danger cry was “highly conserved.”
The fact that the green monkeys reacted to a drone and not other large birds native to the area suggests a subtle but important distinction, Kurt Hammerschmidt, also from the German Primate Center, told AFP.
“The alarm call is not linked to eagles per se,” he said by phone. “It seems to correspond to a broader category: ‘things that fly’.”
To see what the monkeys might have learned from the drone fly-over, the scientists followed up a few days later with a second experiment.
They hid a loudspeaker near a lone monkey that was looking for food and played back the sound of the drone.
“Upon hearing the sound, the animal looked up and scanned the sky,” Fischer said.
Subsequent tests showed that a single exposure to a new threat was enough for the monkeys to know what the sound means, showing a remarkable ability to adapt.
The researchers speculate that the hard-wired monkey calls — and the meaning attached to them — are similar to noises that infant humans make.
“When a child is born, it has the same innate repertoire of pre-verbal sounds such as moaning, laughing and crying,” said Hammerschmidt.
Somehow, humans learned to move beyond this built-in vocabulary and produce new sounds associated with new meanings.
But underneath all the layers of culture and learning, certain core responses that fall within the domain of evolutionary psychology remained.