WhatsApp has asked users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial Israeli spyware.
The chat app, owned by Facebook Inc., said it had discovered a vulnerability in early May that could enable attackers to insert and execute code on mobile devices.
WhatsApp said it made changes to its infrastructure late last week to block the attacks from taking place, adding that only a select number of users appeared to have been targeted through the vulnerability by an advanced cyber actor.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a spokeswoman for the company said Tuesday.
The statement follows a report by the Financial Times that attackers were able to install surveillance software, developed by Israeli company NSO Group, on iPhones and Android devices by calling targets using the app’s phone call function.
WhatsApp said the attack has the hallmarks of a private company that works with governments to deliver spyware, which takes over control of mobile phone operating systems.
WhatsApp said it has notified European data privacy regulators of the breach and has also provided U.S. law enforcement information to conduct an investigation. It also said it had briefed human rights organizations to work with them to notify civil society.
Ireland’s Data Protection Commission said WhatsApp notified the regulator on Monday of a “serious security vulnerability” and that it is actively engaging with the company to check if any EU user data has been compromised.