Facebook recently discovered spyware in its WhatsApp messaging app. The bug targets both Android and iOS phones. Israel’s secretive NSO group developed the spyware. They can install it on your phone simply by leaving a missed WhatsApp call on the target’s phone.
WhatsApp is now urging its 1.5 billion users around the world to update their apps immediately. This will enable them to close the security breach. The spyware, once installed, can turn on a phone’s camera and mic, scan messages, emails and even collect your location data.
In a recent statement, WhatsApp said,
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
Facebook also issued a security advisory yesterday, Monday, 13th May 2019, in relation to the new vulnerability. According to the advisory, they said,
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
The spyware was first discovered early in May 2019. The NSO Pegasus program recently targeted a UK-based human rights organisation. However, WhatsApp has since blocked the attack. Subsequently, the company is investigating the situation even though they are unable to ascertain the number of phones targeted so far.
According to a statement credited to WhatsApp by The Financial Times,
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
NSO says they sell the spyware to governments to help fight crime and terrorism. But, so far, other individuals or organisations have used it for selfish reasons. The NSO spyware was involved in an attack on an Emirati human rights activist in 2016. It also targeted certain journalists who were investigating a scandal that involved the Mexican president.
Meanwhile, researchers claim that about 45 countries used the spyware to aid the persecution of innocent civilians and journalists. People are apparently selling the Pegasus spyware without proper control.