THE Irish data watchdog is probing the WhatsApp attack to determine if European users have been affected by the breach.
WhatsApp has rushed to roll out a security fix after concerns were raised hackers could inject surveillance software on to phones via the call function.
The app discovered a vulnerability that allowed attackers to install malicious code on iPhones and Android phones by ringing up a target device.
The code could be transmitted even if users did not answer their phones and a log of the call often disappeared, the Financial Times reported.
The company, which is owned by Facebook, said the attack bore a resemblance to spyware developed for intelligence agencies.
There are concerns that the software was used in attempts to access the phones of human rights campaigners, including a UK-based lawyer.
“We believe a select number of users were targeted through this vulnerability by an advanced cyber actor,” WhatsApp told the FT.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
The firm is said to have alerted officials at the US Department of Justice after discovering the vulnerability in early May.
However, it only informed the Data Protection Commissioner (DPC) on Monday night about the “security vulnerability”.
The company are still investigating as to whether the any EU user’s [personal data has been affected by the breach. WhatsApp is owned by Facebook whose European Headquarters are based here.
The Data Protection Commissioner said in a statement: “While the possibility remains that EU users were affected and in light of the understood severity of the incident, all WhatsApp users are urged to ensure that the latest version of the WhatsApp application is installed on their device, available via the Apple Store or Google Play Store.
“The DPC is actively engaging with WhatsApp Ireland to determine if and to what extent any WhatsApp EU user data has been affected.
“Users are urged to download the latest version of the app to combat the security risk.”
According to the Financial Times, the spyware at the centre of the attack was developed by NSO Group, an Israeli cybersecurity and intelligence company.