If you never cared about updating your WhatsApp version earlier, it is time that you do so urgently. Ignoring the warning signs of WhatsApp update on your smartphone for weeks can actually land you in deep trouble.
Facebook-owned, WhatsApp has been attacked by hackers to install spyware on the user’s device. The detected bug on the WhatsApp platform allows hackers to install spyware on your smartphone using a single WhatsApp call. What is more disturbing is the fact that it does not even expect the users to receive the Whatsapp call to deliver the spyware. A single call from an unknown number, answered or unanswered, can leave your personal information in tatters.
The spyware is capable of spying your call logs, emails, messages, photos, documents and other data available on your smartphone.
Who is behind this WhatsApp spyware attack
According to a report by the Financial Times, Israeli cyber intelligence company NSO Group developed the spyware.
NSO is a multi-million-dollar Israeli technology firm that specializes in cyber-surveillance tools. The company is hardly in the news and maintains distance for the media interactions.
Its flagship product, Pegasus, is known to be a powerful piece of malware designed to track a user’s cellphone. The software is able to infect a device after a single click on a link in a fake text message, which then grants complete access to the phone. Data stored on the phone — messages, phone calls, and even GPS location data — are visible, allowing NSO’s clients to see where someone is, who they are talking to, and about what.
According to the researchers associated with the Toronto-based Citizen Lab, up to 45 countries already use NSO’s Pegasus technology, and at least 6 of them, namely — Saudi Arabia, the United Arab Emirates, Bahrain, Mexico, Morocco, and Kazakhstan have previously been linked to abusive use of spyware to target civil society.
The first target of this kind of spyware attack is a UK-based lawyer who has helped a group of Mexican journalist, government critics and a man of Saudi Arabian dissent living in Canada sue NSO in the past on the grounds that it was responsible for the abuse of its software by its clients, which includes governments and intelligence agencies.
NSO, though on the accusations has refused to accept any and issued a statement saying,
“NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual [the UK lawyer].
Affected Whatsapp versions
The versions of WhatsApp that have been affected by the issue include — WhatsApp for Android v2.19.134 and before, WhatsApp Business for Android v2.19.44 and before, WhatsApp for iOS v2.19.51 and before, WhatsApp Business for iOS v2.19.51 and before, WhatsApp for Windows Phone v2.18.348 and before, and WhatsApp for Tizen v2.18.15 and before.
Meanwhile, WhatsApp discovered the bug earlier this month and it began rolling out an update to secure its servers last Friday and a security patch to its customers on Monday.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society,” WhatsApp said in a statement.”.
The company has urged its users to update their apps as soon as possible in order to prevent themselves from getting affected by the hack. It has also issued a Common Vulnerabilities and Exposures (CVE) notice to cybersecurity experts informing them about the vulnerability.
How to stay protected
WhatsApp has released a patch, which is available in an upgrade.
If you’re an iPhone user, open the App Store on your device and tap open the “Updates” tab along the bottom of the screen. If your version of WhatsApp needs to be updated, you will see it listed in the “Pending” list at the top.
For Android users, go to the Google Play Store on your phone and find “My apps & games” in the menu. Find WhatsApp in the “Updates pending” list.