Published: Thu, May 16, 2019
IT | By Lester Massey

Security warning after WhatsApp flaw lets hackers infiltrate phones

Security warning after WhatsApp flaw lets hackers infiltrate phones

A WhatsApp vulnerability allowed attackers to remotely install spyware onto phones - by simply calling them.

Tim Erlin, vice-president of product management and strategy at Tripwire, said "this is a troubling vulnerability for any WhatsApp users who have been relying on the app for keeping conversations private". The company also belives that only a relatively small number of users were targeted by the attack.

This comes after the Facebook-owned application was hacked by an advanced cyber actor using software developed by Israeli cyber arms dealer NSO Group, said the Financial Times.

Q How do I tell if the flaw was exploited and spyware injected?

While WhatsApp users cannot check whether their device was affected, there are certain red flags people can spot that may indicate a mobile device is being manipulated by a third party.

WhatsApp is a vocal champion of end-to-end encryption, which is created to keep messages, photos, videos, calls and other exchanges between the sender and recipient. "We are early in our investigation and we don't have numbers to share though this is a relatively small amount of people", WhatsApp added in its response. The latest version is 2.19.134.

WhatsApp update: How do I update Whatsapp on iPhone and Android?

The breach is the latest in a series of issues troubling WhatsApp's parent Facebook, which has faced intense criticism for allowing its users' data to be harvested by research companies and over its slow response to Russian Federation using the platform as a means to spread disinformation during the 2016 U.S. election campaign.

Guerra suggested regularly checking metrics like data and battery usage so it's easier to spot when something seems out of the ordinary, as well as uninstalling apps that you don't regularly use, to limit the number of programs that could be collecting your data.

Q How do I set my phone to automatically download app updates in future?

How do you update WhatsApp on Android?

"No user interaction required", said Scott-Railton, "which makes it particularly insidious". The vulnerability was found to have happened through voice calls on the app where the virus was able to install itself onto any device without the users even having to answer the call.

"NSO would not or could not use its technology in its own right to target any person or organization", it said in a statement Tuesday. WhatsApp said it was "deeply concerned" about the vulnerability.

Select "WhatsApp" and click 'Update'. The lawyer, who was not identified by name, is involved in a lawsuit against NSO brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.

In response, NSO Group said that its technology is licensed to authorised government agencies for the sole objective of fighting crime and terror.

The company said they have provided information to USA authorities to help with the investigation.

Like this: