WhatsUpp with Commercial Hacking Tools in Government Hands?

If you're like 1.5 billion other people on the planet – or if you are Jared Kushner – you conduct a lot of your personal or business conversations on WhatsApp, the Facebook-owned messaging app that says it's largely impervious to snoopers, hackers, and spooks.

But according to a bombshell report in The Financial Times earlier this week, the app has long contained a critical flaw that's enabled hackers to tap into your smartphone just by placing a WhatsApp voice call to you.

The hack relied on a program written by the Israeli tech firm NSO, which designs powerful snooping tools for law enforcement and counterterrorism officials in the Middle East and "western countries."

But it appears that political dissidents, human rights activists, and even a lawyer filing a liability suit against NSO itself were targeted – the FT report doesn't say who the attackers were.

WhatsApp says the bug has been fixed as of Monday. But this story – in which a commercial hacking program sold to governments was used to violate people's privacy and snoop on dissidents –illustrates a few big political challenges that we've highlighted in discussions about cybersecurity.

Cyber-arms control is hard. Cyberweapons, being scripts of computer code, can be very hard to control and contain, even with close oversight of who gets to buy them.

Mission creep is easy. Companies like NSO say they sell these products only to police and counterterrorism officials – but once they are in government hands, they can be used (or sold, or stolen) for other purposes or by other parts of the state.

Liability is murky. Who should be held accountable here: NSO for developing a product that was used beyond its (presumably) stated intent? Or WhatsApp for failing to guarantee the security of its own platform?

Surveillance and espionage are hardly new. But never before has there been a device that contained as much data about your thoughts, habits, preferences, movements, and personal relationships as the device you're holding or reading right this second.

The upshot: With hackers, governments, and commercial developers all trying to figure out how best to crack into it – what are the rules of the game?

More from GZERO Media

Stephen Graham, winner of Best Lead Actor in a Limited or Anthology Series or Movie and Best Writing for a Limited or Anthology Series or Movie, Owen Cooper, Best Supporting Actor in a Limited or Anthology Series or Movie, and Erin Doherty, Best Supporting Actress in a Limited or Anthology Series or Movie, for "Adolescence", Best Limited or Anthology Series pose with their awards at the 77th Primetime Emmy Awards in Los Angeles, California, U.S., September 14, 2025.
REUTERS/Daniel Cole

8: Netflix teen murder series "Adolescence" won eight Emmys including for best limited series. Supporting actor Owen Cooper,15, became the youngest male actor to win an Emmy.

Senior U.S. and Chinese led by U.S. Treasury Secretary Scott Bessent, U.S. Trade Representative Jamieson Greer, Chinese Vice Premier He Lifeng and Chinese trade negotiator Li Chenggang meet to discuss trade and economic issues and TikTok, in Madrid, Spain, September 14, 2025.
United States Treasury/Handout via Reuters.

In an announcement teeming with viral potential, the White House said the US and China have outlined a deal for TikTok to continue operating in the US.

U.S. President Donald Trump holds a letter from Britain's King Charles as he meets with British Prime Minister Keir Starmer in the Oval Office at the White House in Washington, D.C., U.S., February 27, 2025.
REUTERS/Kevin Lamarque/File Photo

As US President Donald Trump travels to the United Kingdom this week, there is an unnerving sense in which the ghost of Christmas past will be greeting the potential ghost of Christmas yet to come.

A combination photo shows a person of interest in the fatal shooting of U.S. right-wing activist and commentator Charlie Kirk during an event at Utah Valley University, in Orem, Utah, U.S. shown in security footage released by the Utah Department of Public Safety on September 11, 2025.
Utah Department of Public Safety/Handout via REUTERS