Journalism of Courage

WhatsApp reveals attack that lets single call install spyware in phone, says users must update app right now

When was the last time that you updated WhatsApp on your iPhones or Android smartphones? If you have been ignoring the warning signs of a software update on your smartphone for weeks due to your endless household chores or busy work schedule, now might be the right time to pause everything and update WhatsApp on your smartphones. If you are wondering why we write with such urgency regarding updating WhatsApp on your smartphones, the reason is pretty simple. WhatsApp has detected a bug on its platform that allows malicious actors to install spyware on your smartphone using a single WhatsApp call.

This means that a simple WhatsApp call made on your smartphone – even if you don’t recieve it – leaves your phone and all the data, including your call logs, your emails, your messages, photos etc, vulnerable to an Israeli cyber intelligence company, NSO.

According to a report by the Financial Times, the code developed by NSO could be transmitted on to your smartphone even if you didn’t answer the WhatsApp call and it often disappears from the WhatsApp call logs. This means that there is no way of knowing if you have received a suspicious call, even if you did.

The versions of WhatsApp that have been affected by the issue include — WhatsApp for Android v2.19.134 and before, WhatsApp Business for Android v2.19.44 and before, WhatsApp for iOS v2.19.51 and before, WhatsApp Business for iOS v2.19.51 and before, WhatsApp for Windows Phone v2.18.348 and before, and WhatsApp for Tizen v2.18.15 and before.

WhatsApp discovered the bug earlier this month and it began rolling out an update to secure its servers last Friday and a security patch to its customers on Monday. “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp told the FT in a statement.

“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society,” it added.

The company, at the moment, is in the early stages of its investigation to determine how many people were affected using this hack. Meanwhile, the Facebook-owned social messaging app is urging its users to update their apps as soon as possible in order to prevent themselves from getting affected by the hack. It has also issued a Common Vulnerabilities and Exposures (CVE) notice to cyber security experts informing them about the vulnerability. In addition to this, the popular messaging app has also alerted the US Justice Department about the matter.

Notably, the code by the NSO, which is a part of Pegasus — a program that can turn on a phone’s camera and microphone, go through images and messages and collect location data, had been developed to target a UK-based lawyer who has helped a group of Mexican journalist, government critics and a man of Saudi Arabian dissent living in Canada sue NSO in the past on the grounds that it was reponsible for the abuse of its software by its clients, which includes governments and intelligence agencies.

NSO, on the other hand, has rejected these claims that it did not use its technology to target the UK-based lawyer. “NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual [the UK lawyer],” NSO said in a statement to the publication.

Meanwhile, if you haven’t updated WhatsApp on your smartphone, we recommend that you do so as soon as possible to avoid your smartphone from getting affected by the hack.


Subscribe to our newsletter
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
You can unsubscribe at any time

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More