WhatsUpp with Commercial Hacking Tools in Government Hands?

If you're like 1.5 billion other people on the planet – or if you are Jared Kushner – you conduct a lot of your personal or business conversations on WhatsApp, the Facebook-owned messaging app that says it's largely impervious to snoopers, hackers, and spooks.

But according to a bombshell report in The Financial Times earlier this week, the app has long contained a critical flaw that's enabled hackers to tap into your smartphone just by placing a WhatsApp voice call to you.

The hack relied on a program written by the Israeli tech firm NSO, which designs powerful snooping tools for law enforcement and counterterrorism officials in the Middle East and "western countries."

But it appears that political dissidents, human rights activists, and even a lawyer filing a liability suit against NSO itself were targeted – the FT report doesn't say who the attackers were.

WhatsApp says the bug has been fixed as of Monday. But this story – in which a commercial hacking program sold to governments was used to violate people's privacy and snoop on dissidents –illustrates a few big political challenges that we've highlighted in discussions about cybersecurity.

Cyber-arms control is hard. Cyberweapons, being scripts of computer code, can be very hard to control and contain, even with close oversight of who gets to buy them.

Mission creep is easy. Companies like NSO say they sell these products only to police and counterterrorism officials – but once they are in government hands, they can be used (or sold, or stolen) for other purposes or by other parts of the state.

Liability is murky. Who should be held accountable here: NSO for developing a product that was used beyond its (presumably) stated intent? Or WhatsApp for failing to guarantee the security of its own platform?

Surveillance and espionage are hardly new. But never before has there been a device that contained as much data about your thoughts, habits, preferences, movements, and personal relationships as the device you're holding or reading right this second.

The upshot: With hackers, governments, and commercial developers all trying to figure out how best to crack into it – what are the rules of the game?

More from GZERO Media

Jeff Frampton

Seven warships, a nuclear submarine, over two thousand Marines, and several spy planes. Over the past week, the United States has stacked a serious military footprint off Venezuela’s coast.

Senator Flavio Bolsonaro, son of former Brazilian President Jair Bolsonaro, speaks during a press conference, after Brazil's Supreme Court issued a house arrest order for his father, in Brasilia, Brazil, August 5, 2025.
REUTERS/Mateus Bonomi

Brazil’s Supreme Court on Tuesday began the final phase of the historic trial of former president Jair Bolsonaro, accused of plotting a coup to cling to power after losing the 2022 election.

Five years ago, Microsoft set bold 2030 sustainability goals: to become carbon negative, water positive, and zero waste—all while protecting ecosystems. That commitment remains—but the world has changed, technology has evolved, and the urgency of the climate crisis has only grown. This summer, Microsoft launched the 2025 Environmental Sustainability Report, offering a comprehensive look at the journey so far, and how Microsoft plans to accelerate progress. You can read the report here.