Get the biggest stories sent straight to your inbox Sign up for regular updates and breaking news from WalesOnline Thank you for subscribing We have more newsletters Show me See our privacy notice Invalid Email

WhatsApp security is being improved amid concerns hackers have injected surveillance software on to phones.

The app, which is owned by Facebook, is rolling out a fix after attackers are said to have installed malicious codes on iPhones and Android phones by ringing up a target device.

Users are being urged to update the app.

A statement from the firm said they had alerted officials at the US Department of Justice after discovering the vulnerability in early May.

The code could be transmitted even if users did not answer their phones and a log of the call often disappeared, the Financial Times reported.

The company said the attack bore a resemblance to spyware developed for intelligence agencies.

WhatsApp urged all of its 1.5bn users to update their apps as an added precaution.

WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

There are concerns that the software was used in attempts to access the phones of human rights campaigners, including a UK-based lawyer.

WhatsApp said: "We believe a select number of users were targeted through this vulnerability by an advanced cyber actor.

"This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

"We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society"

(Image: PA)

According to the Financial Times, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.

The company told the paper: "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.

"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer)."

The vulnerability and suspected attacks have been investigated by Citizen Lab, a research group at the University of Toronto.

"We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer," the lab said.

On Monday, Amnesty International said it was backing legal action against the Israeli Ministry of Defence demanding that it revokes NSO Group's export licence.

Danna Ingleton, deputy director of Amnesty Tech, said: "NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics."

How was the security flaw used?

It involved attackers using WhatsApp's voice calling function to ring a target's device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device's call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.