WhatsApp Security Flaw: Specific Users Targeted in Spyware Attack
WhatsApp has confirmed it was subject to spyware that allowed the attacker to read a target’s messages, as reported by MIT Technology Review on May 14, 2019. The hackers accessed messages after penetrating WhatsApp’s encryption through a flaw in the voice call feature.
Spyware Strikes Again
WhatsApp, which is piloting a stablecoin launch, has confirmed reports of its messaging software, used by 1.5 billion people, being compromised through a flaw in its code. WhatsApp has been targeted by hackers before in a Bitcoin penny stock scam.
The surveillance software used by the hacker(s) was developed by NSO Group, an Israeli cyber intelligence firm, and speculation suggests that the developers of the spyware themselves are behind this attack; the company has not yet addressed the accusations that they carried it out themselves and are unlikely to do so.
Users of WhatsApp received a voice call from an unknown number but didn’t even have to pick it up for the spyware to infect their device. In most cases, the calls, which were hidden on the call log, were quickly connected to the affected device and cut before they were ever seen. The calls may possibly have been timed at a point where the user wasn’t online for a particular length of time.
NSO Group has allegedly boasted of their ‘no-click’ spyware capabilities for quite some time now; this is the main reason users speculate they are behind the attack – as a means of showcasing their software capabilities.
Vulnerabilities are discovered all the time but this is an significant attack that utterly exploits an individual’s privacy. Users of WhatsApp’s business version could have had sensitive information leaked in a public avenue.
What Do I Do Now?
The company issued a circular to update all devices immediately as the vulnerability has been fixed in the latest update.
Facebook, which owns WhatsApp, implemented a server side change to help protect users as of May 13, 2019. If for some reason you are unable to update WhatsApp, users are suggested to uninstall and reinstall the app.
WhatsApp lists its latest version on its website; users are strongly recommended to make sure their app version and the latest version are one and the same.
A spyware attack on the world’s largest messaging service can cause widespread disruption; being vigilant in terms of cybersecurity is the need of the hour in today’s technological climate.