Sci & Tech
WhatsApp said on Tuesday that a major security breach had allowed hackers to install spyware on some users' phones by simply calling them through the
WhatsApp said on Tuesday that a major security breach had allowed hackers to install spyware on some users' phones by simply calling them through the app.
This malicious code could be installed whether or not the victim answered the call, and all record of the call disappeared from the phone after the spyware was installed.
The spyware is capable of trawling through calls, texts and other data, activating the phone’s camera and microphone and performing other malicious activities, according to reports.
SEE ALSO: Siaya MCA organises music challenge to cushion local artistes against Covid-19
But how do you know if you have been affected by the hack, and what should you do to protect yourself? Here's what you need to know.
Which phones are affected?
All smartphones with WhatsApp or WhatsApp Business installed are affected.
This includes Apple's iPhones, Android phones, Windows Phones and Tizen devices, according to Facebook , which owns WhatsApp.
1.5 billion people use WhatsApp globally.
SEE ALSO: Coronavirus: Smartphones are five-star hotels for germs
Am I affected?
The number of people affected by the hack is not yet known.
WhatsApp said it was still investigating the breach but believed only a "select number of users were targeted through this vulnerability by an advanced cyber actor."
A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified.
The attack seems to have been primarily targeted at human rights campaigners.
SEE ALSO: You will now be served court orders through WhatsApp
If you haven't received any WhatsApp voice calls or dropped calls from unknown callers then you have probably not been targeted.
However, you should still take steps to protect yourself, and if you happen to work for a human rights organisation you should be extra vigilant.
What should I do to protect myself?
WhatsApp has fixed the vulnerability on its end, but your account won't be safe until you install the company's latest app update .
That's version 2.19.134 for Android, version 2.19.51 for iOS, version 2.18.348 for Windows Phone and version 2.18.15 for Tizen.
SEE ALSO: Smartphone vs coronavirus, is privacy always going to be the loser?
If your device doesn't install app updates automatically, you can do it manually by going into the app store, searching for WhatsApp, and hitting the "update" button.
While you are at it, it is worth making sure your operating system is up to date, as this contains a lot of built-in security features designed to protect you from hackers.
WhatsApp said its advice to all users to update came "out of an abundance of caution" and a recommendation by Citizen Lab, a research group at the University of Toronto that it notified about the vulnerability before the announcement.
Who is behind the attack?
According to the Financial Times, secretive Israeli cybersecurity and intelligence company NSO Group developed the spyware.
SEE ALSO: Whatsapp has fueled coronavirus paranoia
NSO did not comment on the specific attacks, but said it would investigate any "credible allegations of misuse" of its technology.
The company said it never picks or identifies targets of its technology, "which is solely operated by intelligence and law enforcement agencies".
"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer)," it said.
A WhatsApp representative said the attack was sophisticated and had all the hallmarks of a "private company working with governments on surveillance."