A vulnerability discovered in WhatsApp messaging service is being exploited to inject spyware onto Android and iOS phones simply by calling the number.
The spyware, developed by Israel’s secretive NSO group, can be installed without a trace and without the receiver answering the call, according to security researchers and confirmed by WhatsApp.
Once installed, the spyware can turn on a phone’s camera and mic, scan emails and messages, and collect the user’s location data. WhatsApp is urging its 1.5 billion global users to update the app immediately to close the security hole.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” said WhatsApp in a statement.
The vulnerability discovered in early May, was targeted as recently as Sunday when a UK-based human rights lawyer was attacked by NSO’s flagship Pegasus program, according to researchers at Citizens Lab. The attack was blocked by WhatsApp. WhatsApp is investigating the situation but is so far unable to estimate the number of phones successfully targeted by the exploit, said a source speaking to the Financial Times.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” said WhatsApp in a statement provided to The Financial Times. “We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
Protect Your WhatsApp Account
- Always install the latest software and app updates.
- Don’t jailbreak or root your devices. Disabling software restrictions leaves your phone, as well as the private data stored on it, vulnerable to malware and cyber criminals.
- Only install apps from official app stores, such as Google Play or the app store that came pre-installed with your device.
WhatsApp security tips:
WhatsApp recently announced that it has more than 700 million monthly active members, sending a combined total of 30 billion messages a month. That’s an enormous volume of personal information being communicated, and even though WhatsApp now encrypts all of its messages and data, it pays to be secure with your chats.
Lock WhatsApp: One of the best WhatsApp security tips is to protect the app with a password or PIN. WhatsApp itself doesn’t offer such a function, but there are third-party apps that do. It might seem cumbersome but if you lose your phone, it’s going to prevent anyone else accessing your chats. Messenger and Chat Lock, Lock for WhatsApp and Secure Chat are three Android apps that do just that.
Watch out for scams: WhatsApp itself will never contact you through the app. Also, WhatsApp does not send emails about chats, voice messages, payment, changes, photos, or videos, unless you email their help and support to begin with. Anything offering a free subscription, claiming to be from WhatsApp or encouraging you to follow links in order to safeguard your account is definitely a scam and not to be trusted.
Deactivate WhatsApp: if you lose your phone WhatsApp offers users simple and effective security tips to keep control of your account if your phone is lost or stolen. As well as locking your SIM card through your network provider, WhatsApp recommends that you immediately activate WhatsApp with the same phone number on a different phone, with a replacement SIM. The app can only be used by one number on one device at a time, so by doing so you instantly block it from being used on your old phone. If that’s not possible, WhatsApp can deactivate your account.