WhatsApp has discovered a major vulnerability in its app that allowed spyware to be installed on a user’s phone through a WhatsApp voice call.
Having discovered the vulnerability, WhatsApp is now encouraging all users to download and install the latest version of the app, which contains the security fixes required to patch up the problem.
According to the Financial Times, the spyware was developed by an Israeli intelligence company called NSO Group and allowed the attackers to transmit the spyware by infecting a call.
In fact, it didn’t even matter if the recipient answered the call or not. The malicious code transmitted in the call still did its work, and, then wiped the evidence of the call afterwards.
Once installed on a phone, the spyware - named Pegasus - can extract virtually all the data that’s on a smartphone; whether that be text messages, GPS location, email, browser history or anything else.
Traditionally, it’s only sold to government/state intelligence agencies, but in this particular instance, the spyware was used on 12 May to attack a UK attorney’a phone, who happened to be involved in a lawsuit against NSO Group.
NSO Group told FT “under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual.”
It’s worth noting, the spyware installed via voice call doesn’t affect the app’s end-to-end encrypted text chats. And while it’s unlikely the spyware would be used on every Joe Bloggs on the street, it is worth updating the app just to make sure you have the latest, most secure version available.