WhatApp users urged to update app after serious security vulnerability discovered

WhatsApp, the messaging app owned by Facebook, confirmed a serious security vulnerability in its system on Monday, 13 May that left users open to spyware installations on their phone 

The breach, affecting both iOS and Android users, enabled the software to be installed through voice calls, even if the call wasn’t picked up. In some cases, the call was removed from the call log, so the missed call would not show up.  

Once installed, the criminal hackers could view everything on the infected phone, including contacts, messages and calls. They could also use the microphone, camera, and data on the phone’s current location. 

According to WhatsApp, the vulnerability was secured in early May, but speculation suggests that another attempt to breach the app occurred over the weekend. WhatsApp has also advised its 1.5 billion users to update their apps as a precaution. 

 

Who is behind the breach? 

According to the Financial Times, the software being used was developed by the NSO Group, an Israeli cyber intelligence company, but the firm has denied any part in the breach. 

In a statementthe group said: “NSOs technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror. 

The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. 

Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation. 

 

Who has been targeted? 

WhatsApp said the number of users affected is not yet known, but that the attacks seem to be highly targeted. 

So far, affected users include a Londonbased lawyer currently involved in lawsuits against the NSO Group, a Saudi dissident residing in Canada, a Qatari citizen and several Mexican journalists and activists.  

 

WhatsApp notifies the Irish DPC 

WhatsApp notified the DPC (Data Protection Commission) of the breach on 13 May under Article 33 of the GDPR (General Data Protection Regulation) 

Reiterating WhatsApp’s advice, the DPC said: “While the possibility remains that EU users were affected and in light of the understood severity of the incident, all WhatsApp users are urged to ensure that the latest version of the WhatsApp application is installed on their device, available via the Apple Store or Google Play Store. 

 

How to update WhatsApp 

For iOS users: 

  1. Open the App Store. 
  2. At the bottom of the screen, tap ‘updates’. 
  3. Any apps with pending updates will be listed here.  
  4. Select ‘WhatsApp’ and update.  
  5. The latest version of WhatsApp is 2.19.51. 

For Android users: 

  1. Open the Google Play store.  
  2. Select ‘my apps & games’ from the menu.  
  3. Select ‘WhatsApp’ and update.  
  4. The latest version of WhatsApp is 2.19.134. 

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.