Social media giant WhatsApp is encouraging its users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function. The spyware, developed by Israeli cyber intelligence company, used infected phone calls to take over the functions of operating systems the company first reported the vulnerability on Monday
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a WhatsApp spokesperson said in an email. Around 1.5-billion users were affected by a vulnerability that allowed attackers to inject commercial Israeli spyware into phones. The surveillance software was installed on both iOS and Android devices using the app’s call feature. This gave the hackers complete access to everything on infected mobile devices, including personal information, email, contacts, camera, location, and microphone. WhatsApp wouldn’t explain much about how the bug was discovered or given specification on how it works, but the company says it is doing infrastructure upgrades in addition to pushing a patch to ensure that customers can’t be targeted with other phone-call bugs. WhatsApp has about 1.5bn users around the world. The messaging app uses end-to-end encryption, making it popular and secure for activists and dissidents. The Pegasus spyware does not affect or involve the app’s encryption. The number of people spied on is not yet known. A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified. “This isn’t about you being careful with the calls you make or take — it’s about a bug that can be exploited if WhatsApp is running at all. So, the care you need to take is this: update your WhatsApp app now! Even if you think you have automatic updating turned on, go and check,” said Paul Ducklin, senior security advisor
Users are strongly advised to check for updates manually through the Apple App Store on an iPhone, Google Play or similar on an Android device, the Microsoft Store on Windows Phones and the Galaxy app store on Tizen devices, on the other hand uninstalling WhatsApp from your phone will protect you from the attack, but as many people are dependent upon it one can take precautionary measures by just keeping your app updated, The older your software, the more vulnerabilities affect it and the more at risk you are from cybercriminals. It is just as important to keep your desktop, laptop or tablet computer up to date.