Facebook-owned WhatsApp suffered an attack from hackers earlier this month. WhatsApp today acknowledged the attack saying that there was a vulnerability in the application which allowed the hackers to remotely install the spyware on iOS and Android smartphones running the app. The vulnerability or bug was found in the call feature of WhatsApp. So, when the call was made, it let the spyware to be installed to the devices even when the call wasn’t answered.
According to a report by TechCrunch, the hackers taking advantage of this security flaw installed Israeli Spyware named Pegasus. The spyware was from the NSO Group which is normally licensed to governments. The governments use it to install the spyware on devices of individuals who are under investigation.
But not all WhatsApp version were affected by this security flaw. This issue was found in the WhatsApp for Android holding version earlier than the v2.19.134. It also affected the WhatsApp Business for Android (versions earlier than the v2.19.44) and versions earlier to v2.19.51 of the app’s iOS version were affected. The WhatsApp Business for iOS version earlier than the v2.19.51 and the WhatsApp for Windows Phone version earlier than the v2.18.348 were also affected with this security flaw. Lastly, the WhatsApp for Tizen with version earlier than the v2.18.15 was affected as well.
According to WhatsApp, only a very small number of users became the target of this flaw and spyware. Till now it is not known just how many users were affected with the spyware or this bug and how long was this flaw active for the hackers to notice. According to the company, it is “nontrivial to deploy, limiting it to advanced and highly motivated actors.” The company also said that once the flaw was discovered, it took less than 10 days for them to make the changes to WhatsApp’s infrastructure and make the spyware inoperable. The WhatsApp servers were updated on Friday so the flaw was repaired/removed. Additionally, it has also released another patch fixing the platform.
According to WhatsApp’s statement to TechCrunch, “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
Although the Facebook-owned messaging service company has notified the Department of Justice and other human rights organisations. About this regard, the NSO Group said to The Financial Times that it is investigating the issue but it has no involvement about how its code is used or where.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.