If you’re one of the 1.5 billion who use WhatsApp, you might want to make sure you’ve updated the app on your phone. It’s been discovered that a vulnerability in WhatsApp on iOS and Android version of the popular messaging and calling app that allows attackers to inject a commercial Israeli spyware app through voice calls.
Here’s the sneaky, tricky bit. The malicious spyware, developed by Israeli company NSO group could silently be installed on phones through voice calls, whether the call was answered or not. On top of that, the code would remove said call from logs, making it incredibly hard to ascertain whether or not it’s even been installed.
A patch was issued yesterday, so it’s probably wise to make sure you’ve updated. Says Facebook:
“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.”
The spyware in question, Pegasus, can turn on a phone’s microphone and camera, collect location data and trawl through emails and messages. It’s intended for government use to track down and fight terrorism, but its uses are far more wide-reaching, and potentially more nefarious. According to some reports, the attack could have been used to target humans rights campaigners.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” Said Facebook. “We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
Whether you work in human rights or not, it’s probably best to make sure you’ve got WhatsApp updated. On that note, it’s also probably time to shed apps and services owned by Facebook. Telegram, anyone?
Last Updated: May 14, 2019