A serious security flaw has been discovered in messaging app WhatsApp that allowed attackers to install spy software on phones.Wired UK and the Financial Times report that a major security vulnerability has been discovered in WhatsApp, the secure messaging app owned by Facebook. Attackers were able to specifically target certain phones by making a WhatsApp call to its phone number, which allowed them to then exploit the vulnerability to install spy software on the device.
While the messaging portion of WhatsApp uses end-to-end encryption to secure communications from being intercepted, there's nothing to stop a bug or back door in the actual app from being exploited (if one exists) to access a victim's phone. Once a phone is infected with the spy software, the attacker can access your WhatsApp messages directly and it's possible that they could have access to information outside the app such as emails, photos, and location data.
A
WhatsApp representative told Wired UK that "This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems," but it's not yet known who actually used the software and initiated the hacks. The
Financial Times reports that it believes the software originated from Israeli firm NSO Group, and an NSO spokesperson said that the company doesn't use its technology on its own but that it's provided to intelligence and law enforcement agencies.
So what do you need to do to stay safe from this hack? The latest advice is just to head to the Google Play store on Android or the App store on iOS and manually ensure sure that WhatsApp is
updated to the latest version, which is 2.19.134 on Android and 2.19.51 on iOS. Updating to this version will not necessarily remove the spy software from your phone if it's been installed, however.
The attack didn't require any user to take any action, so there's nothing you could have done to prevent being hacked, and there is currently no advice on how to check if you've been hit by the attack. WhatsApp says that it's too early to know exactly who was affected by this hack, but the attack is highly targetted and it's expected that the targets included journalists, human rights organisations, and other activists. Further information is expected to be forthcoming.
Source: Wired UK, Financial Times, BBC News
About the author
Brendan is a Sync NI writer with a special interest in the gaming sector, programming, emerging technology, and physics. To connect with Brendan, feel free to send him an email or follow him on Twitter.
Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.
Sign up now for a FREE weekly newsletter showcasing the latest news, jobs and events in NI’s tech sector.
