Users of iPhone, Android and Windows device are being urged to update their WhatsApp smartphone apps immediately because of a security bug that allows hackers to take over your phone by simply calling it, whether or not you answer.
What has happened?
A vulnerability in the popular Facebook-owned messaging service has been discovered, which allowed hackers to install spyware through an infected WhatsApp voice call.
The spyware is capable of trawling through calls, texts and other data, activating the phone’s camera and microphone and performing other malicious activities.
Which phones does it affect?
All brands of phones with WhatsApp or WhatsApp Business installed are affected, including Apple’s iPhone (iOS), Android phones, Windows Phones and Tizen devices, according to Facebook. WhatsApp is used by 1.5 billion people globally.
Who is behind the attack?
According to the Financial Times, Israeli cyber intelligence company NSO Group developed the spyware. Users did not even have to accept the call, and it was often hidden from logs, the paper said.
Has it affected me?
The number of people spied on is not yet known. A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified.
If you haven’t received any WhatsApp voice calls or dropped calls from unknown parties then you have probably not been targeted. But if you happen to be a lawyer or work in sensitive industries and use WhatsApp, even for personal correspondence, you should be especially vigilant.
What do I need to do to protect myself?
Facebook implemented a server-side change to help protect users and pushed out updates for the various smartphone WhatsApp versions on Monday.
Users are strongly advised to check for updates manually through the Apple App Store on an iPhone, Google Play or similar on an Android device, the Microsoft Store on Windows Phones and the Galaxy app store on Tizen devices.
Failing that, uninstalling WhatsApp from your phone will protect you from the attack.
How do I tell if I’m using the latest version?
WhatsApp lists the most-up to-date version of its Android app on its site. You can find the version number of the app installed on your Android phone by long-pressing on the WhatsApp icon and selecting App info, or finding the list of apps in your phone’s settings.
However, simply installing all the relevant app updates from your phone’s built-in app store is the best way to ensure you’re using the latest signed and verified version of the app.
What about my phone?
Keeping your apps up to date is crucial for protecting yourself against hacking and data theft, but your phone’s operating system is just as important.
You should always install the latest version iOS or Android, and should think twice before using a phone that is no longer supported with software updates.
Most iPhones receive in excess of five years of software support. Android devices are dependent on manufacturer, with Google’s Pixel smartphones being the gold standard, receiving at least three years of monthly security updates and Android version updates.
Why is software support so crucial?
Vulnerabilities are discovered all the time and each is added to a hacker’s armoury, and they are often combined in creative ways to take over devices and steal data.
While most security holes are fixed by software makers, you’re only protected if you actually receive the software fix. For most users there is nothing you can do to fix the problem yourself, which means you are entirely reliant on the software support you receive from the developer or manufacturer of your device.
The older your software, the more vulnerabilities affect it and the more at risk you are from cyber criminals.
Source: The Guardian