A major security flaw in the WhatsApp messaging app has been discovered, which allows commercial spyware to be installed onto phones with no interaction from the victim.
WhatsApp, which has 1.5 billion users worldwide, admitted on Monday that attackers were able to exploit a vulnerability by using WhatsApp’s voice calling function to call a device. The surveillance software would then be installed, even if the call was not answered. In some cases, the missed call notification was also wiped, making the attack completely invisible to the victim.
Facebook, WhatsApp’s parent company, have announced that this vulnerability affects both iPhones and Android devices, with reports blaming the Israel-based NSO Group. NSO Group are best known for the infamous Pegasus spyware, capable of silently spying on a device’s calls, messages, emails, photos and location.
Dozens of WhatsApp users, including human rights organisations and a UK-based lawyer, are thought to have been targeted by this new attack. WhatsApp are still investigating the attack and at this time have not reported how many users have been affected.
Tech companies, and in particular Apple, have done a lot in recent years to reassure their customers about the security and privacy of their data. However, such promises would have not protected users from this latest WhatsApp security flaw. It therefore calls into question what other apps could be exploited in a similar way?
All previous versions of WhatsApp for iPhone and Android are vulnerable to this new attack. However, on Monday, WhatsApp have released an update for their app to fix the issue and are urging all users to update their app as soon as possible.
Follow the steps below to update WhatsApp on your device:
- Go to the Play Store
- Tap Menu > My apps & games
- Tap UPDATE next to WhatsApp messenger
- Go to the App Store
- Tap Updates
- Tap UPDATE next to WhatsApp Messenger
This latest WhatsApp security flaw is just one way that someone could spy on your phone. At Certo we specialize in mobile spyware detection and are trusted by thousands of people to safeguard their devices.
Certo’s industry-leading spyware detection tools can check your device in a matter of minutes and will alert you if your device contains spyware, even if its completely hidden.