A report from Financial Times has unraveled a crucial vulnerability in WhatsApp that could allow attackers to spy on people affected, irrespective of their operating systems. To counter this, WhatsApp has pushed an update to its app recommending people to do so as soon as possible.
The attack could execute from an anonymous WhatsApp voice call; even without the user answering it. The call logs also wouldn’t enlist the call which could leave users unaware if the attack ever was executed.
Additionally, attackers can access a phone’s camera and microphone, collect emails, messages and location data; taking advantage of this vulnerability by using the spyware. Hence, it is essential for users to grab the new WhatsApp update at their earliest.
WhatsApp’s parent company Facebook knew about this attack since a week and hence patched it via a server update Friday. The company, however, released an app update Monday asking users to update it as soon as possible to avoid the attack in a public statement:
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices. We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
The spyware in action here, however, is developed by Israeli cyber intelligence firm NSO group. It is called Pegasus. Pegasus has grabbed plenty of attention in the past for its terrifying capabilities when it was first discovered due to a failed attempt at installing it on an iPhone belonging to a human rights activist. The spyware uses unique break-in techniques which have earned it the title of the “most sophisticated” smartphone attack ever.
NSO sells Pegasus to Governments and law enforcement agencies to help fight terrorism and crime. However, the software has always stayed in the limelight for its fallacious usage.