HACKERS have targeted the Facebook-owned messaging app, installing surveillance software on mobiles.
WhatsApp has told its 1.5billion users around the world to update the service. Here’s everything we know.
How did attackers target WhatsApp?
Hackers are said to have used a security flaw in the app to target what Facebook described as a “select number” of users which was carried out by “an advanced cyber actor”.
The attackers used WhatsApp’s voice calling function to ring a target’s device.
Even if the call was not picked up the surveillance software could still be installed and the call would often disappear from the phone’s call log, according to the Financial Times.
The attack is said to have been developed by Israeli security firm NSO Group.
The problem was initially detected by the WhatsApp security team earlier this month and the information was shared with human rights groups, the US Department of Justice and “selected security vendors”.
In a statement, the firm said: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
What information can the software collect?
NSO Group’s flagship Pegasus software can collect intimate data from a target device.
It can even access a device’s microphone and camera as well as gather location info.
In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.
“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.
“NSO would not or could not use its technology in its own right to target any person or organisation.”
The company told its users around the world to update their apps as a precaution.
It is not known just how many users were targeted, but a WhatsApp spokesman said a number in the dozens would not be inaccurate.
Here are all the affected versions of the app.
The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
How to update WhatsApp
For iPhone users – go to the app store, tap on updates and refresh, then tap update next to the WhatsApp messenger.
For Android users – go to the play store, tap on menu, then select my apps and games, tap update next to the WhatsApp messenger.
For Windows Phone 8.1 – go to store, select menu, then my apps, select WhatsApp and then update.
For Windows Phone 10 – go to Microsoft store and click on menu, select my library and tap update next to WhatsApp.
For KaiOS users – Press JioStore or store in the apps menu, scroll to the side and select social, then select WhatsApp and press OK or select and update.
Credit: Source link