Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

DPA/PA Images

WhatsApp has identified a 'serious security vulnerability' - Here's what you need to know

The company has officially notified the Data Protection Commission about the breach.

WHATSAPP – THE INSTANT messaging app with over 1.5 billion users – has suffered a “serious security vulnerability” that may have allowed someone acting with malicious intent to install spyware on people’s phones. 

The company has officially notified the Data Protection Commission about the breach, which may have allowed people’s personal information to be accessed on their phones. 

So what exactly is the vulnerability? Who is behind it? And how do you protect your phone against it?

The vulnerability and spyware

The vulnerability was present in a version of WhatsApp before the latest update. It allowed hackers to insert malicious software on phones by calling the target using the app.

Spyware is software that allows someone to get covert information about someone’s computer or mobile device activities by transmitting data covertly from their device, without the person’s knowledge. 

The spyware in question here affects Android devices and Apple’s iPhones, among other phones, and was identified earlier this month. 

WhatsApp said that it was sophisticated and “would be available to only advanced and highly motivated actors” and that a ”select number of users were targeted”.

People would not have to answer the in-app call for the code hacking the phone to get shipped. Once on the phone, it could enable someone to access a user’s personal information. 

The log of the missed call could then be deleted from the phone. 

Similar technology has shown to control phones’ cameras and effectively turn them into pocket-sized surveillance devices.

An unknown number of people – an amount ‘in the dozens at least’ would not be inaccurate, according to the tech company – were infected with the malware.

John Scott-Railton, a researcher with the internet watchdog Citizen Lab, called the hack “a very scary vulnerability.”

“There’s nothing a user could have done here, short of not having the app,” he said.

Who is responsible? 

WhatsApp has not named who it believes is responsible for the attack.

However, the Financial Times identified the Israel’s NSO Group as having responsibility, and a WhatsApp spokesperson later said “we’re certainly not refuting any of the coverage you’ve seen”.

NSO said in a statement that its technology is used by law enforcement and intelligence agencies to fight “crime and terror”.

“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system,” the statement said.

The revelation adds to the questions over the reach of the Israeli company’s powerful spyware, which has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents.

The Citizen Lab said in a tweet it believed an attacker tried to target a human rights lawyer as recently as Sunday using this flaw, but was blocked by WhatsApp.

How can you protect against the spyware 

As of yet, it is unclear if any Irish or European people’s phones have been infected with the spyware. 

While the possibility remains that peoples’ phones could be affected by the breach, all WhatsApp users are urged to ensure that the latest version of the WhatsApp application is installed on their device, available via the Apple Store or Google Play Store.

To update to the latest version of WhatsApp, users should:

For iPhone

Open the App Store and along the bottom select updates.

Any pending app updates will be listed here.

Select “WhatsApp” and Update

For Android

Open the Play Store and tap on the 3 lines in the upper left corner.

Select “My apps & games” from the menu.

Select “WhatsApp” and Select Update

Readers like you are keeping these stories free for everyone...
Our Explainer articles bring context and explanations in plain language to help make sense of complex issues. We're asking readers like you to support us so we can continue to provide helpful context to everyone, regardless of their ability to pay.

Close
19 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds