WhatsApp has rolled out an update to its servers. It has also rolled out a security patch on to its Android and iOS apps to safeguard your phone data.
WhatsApp is arguably one of the most popular social messaging apps in the world. In the recent times, the Facebook-owned social messaging app has been under fire owing to the rampant spread of misinformation on its platform. But never has the app been under seige by a malware. That is until now.
WhatsApp has detected a zero-day vulnerability on its platform that could leave billions of WhatsApp users across the globe exposed to a spyware that hacks into users’ smartphones to extract details such as users’ messages, call logs, emails, photos etc. What’s scary about this spyware is that it can slip on any WhatsApp users’ smartphone without giving the slightest clue that their devices have been infected. All it takes is a WhatsApp call.
In case you are wondering that ignoring or not receiving the call would save you from the impact of this malicious softare, then we have some bad news for you – there is no running away from this spyware. And the only way you can safeguard the data on your smartphone is by updating WhatsApp on your smarphone to the latest version – the one that includes a patch to this security loophole.
It is possible that all this talk about spyware and zero-day vulnerabilities might have left you confused regarding the issue and the ways to mitigate it. So, here’s an easy guide that will help you understand and answer all your questions about WhatsApp’s spyware attack:
What is the WhatsApp spyware attack?
WhatsApp, earlier this week, detected a bug on its platform that allowed malicious actors to hack into users’ smartphones and steal all their data, which includes – their call logs, messages, photos, contacts, emails, location and other details. This bug could be installed on a smartphone – both Android smartphones and iPhones – by placing a WhatsApp call on their smartphones.
Even if a user didn’t receive the WhatsApp call, the spyware would install on his/her smartphone giving hackers unlimited access to their data. What’s more alarming is that the once installed, the spyware erases all call logs within WhatsApp giving users no means to confirm an attack.
Who is responsible for the WhatsApp spyware attack?
A report by the Financial Times noted that Israeli cyber security firm NSO used Pegasus – a program developed by the company that can turn on a phone’s camera and microphone to surf through the phone’s data – could be behind the attack. The company had reportedly been targeting a UK-based lawyer who helped a group of Mexican journalist, government critics and a man of Saudi Arabian dissent living in Canada sue NSO.
“It is upsetting but it is not surprising. Someone has to be quite desperate to target a lawyer, and to use the technology that is the very subject of the lawsuit,” the UK-based lawyer told The Gurdian.
NSO, on the other hand, has refuted all such claims saying that it cannot use its own technology to target an individual or an organisation. “NSO would not or could not use its technology in its own right to target any person or organisation, including this individual,” the cyber intelligence firm told the publication.
Who all is vulnerable to the attack?
All WhatsApp users using the company’s Android, iOS and Windows app – across the globe including India — are vulnerable to this security loophole. WhatsApp issued a Common Vulnerabilities and Exposures (CVE) notice informing cyber security experts about the attack. As per the CVE notice issued by the Facebook owned company all the WhatsApp users using — WhatsApp for Android v2.19.134 or less, WhatsApp Business for Android v2.19.44 or less, WhatsApp for iOS v2.19.51 or less, WhatsApp Business for iOS v2.19.51 or less, WhatsApp for Windows Phone v2.18.348 or less, and WhatsApp for Tizen v2.18.15 or less are succeptible to attack.
What is WhatsApp doing to mitigate this situation?
WhatsApp is investigating the matter. In the meantime, it has rolled out an update to secure its servers. The social messaging app has also rolled out a security patch to safeguard smartphones from the vulnerability.
In addition to this, the company has alerted the US Justice Department about the issue.