WHATSAPP – THE INSTANT messaging app with over 1.5 billion users – has suffered a “serious security vulnerability” that may have allowed someone acting with malicious intent to install spyware on people’s phones.
The company has officially notified the Data Protection Commission about the breach, which may have allowed people’s personal information to be accessed on their phones.
So what exactly is the vulnerability? Who is behind it? And how do you protect your phone against it?
The vulnerability and spyware
The vulnerability was present in a version of WhatsApp before the latest update. It allowed hackers to insert malicious software on phones by calling the target using the app.
Spyware is software that allows someone to get covert information about someone’s computer or mobile device activities by transmitting data covertly from their device, without the person’s knowledge.
The spyware in question here affects Android devices and Apple’s iPhones, among other phones, and was identified earlier this month.
WhatsApp said that it was sophisticated and “would be available to only advanced and highly motivated actors” and that a ”select number of users were targeted”.
People would not have to answer the in-app call for the code hacking the phone to get shipped. Once on the phone, it could enable someone to access a user’s personal information.
The log of the missed call could then be deleted from the phone.
Similar technology has shown to control phones’ cameras and effectively turn them into pocket-sized surveillance devices.
An unknown number of people – an amount ‘in the dozens at least’ would not be inaccurate, according to the tech company – were infected with the malware.
John Scott-Railton, a researcher with the internet watchdog Citizen Lab, called the hack “a very scary vulnerability.”
“There’s nothing a user could have done here, short of not having the app,” he said.
Who is responsible?
WhatsApp has not named who it believes is responsible for the attack.
However, the Financial Times identified the Israel’s NSO Group as having responsibility, and a WhatsApp spokesperson later said “we’re certainly not refuting any of the coverage you’ve seen”.
NSO said in a statement that its technology is used by law enforcement and intelligence agencies to fight “crime and terror”.
“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system,” the statement said.
The revelation adds to the questions over the reach of the Israeli company’s powerful spyware, which has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.
The Citizen Lab said in a tweet it believed an attacker tried to target a human rights lawyer as recently as Sunday using this flaw, but was blocked by WhatsApp.
How can you protect against the spyware
As of yet, it is unclear if any Irish or European people’s phones have been infected with the spyware.
While the possibility remains that peoples’ phones could be affected by the breach, all WhatsApp users are urged to ensure that the latest version of the WhatsApp application is installed on their device, available via the Apple Store or Google Play Store.
To update to the latest version of WhatsApp, users should:
For iPhone
Open the App Store and along the bottom select updates.
Any pending app updates will be listed here.
Select “WhatsApp” and Update
For Android
Open the Play Store and tap on the 3 lines in the upper left corner.
Select “My apps & games” from the menu.
Select “WhatsApp” and Select Update
To embed this post, copy the code below on your site
have your say