Vijaya Laxmi Tripura
Here is alarming news for over 1.5 billion users of WhatsApp, a subsidiary owned by Facebook. The company touts its end-to-end encryption as an important security feature that encourages people to use it for text, audio and video messaging worldwide. But The Financial Times, quoting its Tel Aviv correspondent Mehul Srivastava said, “the discovery of WhatsApp hack attacks, using software developed by an Israeli start-up that can embed a surveillance program in smartphones. The Pegasus spyware developed by NSO Group can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data”.
It further said, “Both iPhones and Android phones can be infected by ringing up targets using the app’s phone call function. The malicious code can be transmitted even if users do not answer their phones, and the calls often disappear from call logs”.
Although WhatsApp has rolled out an update to its servers and has also rolled out a security patch on to its Android and iOS apps to safeguard the users phone data, WhatsApp users will most definitely witness attack by spyware, which would steal all the datas from their phone sets. Most importantly, the spyware deletes all the call logs to remain untraceable.
WhatsApp has detected a zero-day vulnerability on its platform that could leave billions of WhatsApp users across the globe exposed to a spyware that hacks into users’ smartphones to extract details such as users’ messages, call logs, emails, photos etc. What’s scary about this spyware is that it can slip on any WhatsApp users’ smartphone without giving the slightest clue that their devices have been infected. All it takes is a WhatsApp call.
In case you are wondering that ignoring or not receiving the call would save you from the impact of this malicious softare, then we have some bad news for you – there is no running away from this spyware. And the only way you can safeguard the data on your smartphone is by updating WhatsApp on your smarphone to the latest version – the one that includes a patch to this security loophole.
It is possible that all this talk about spyware and zero-day vulnerabilities might have left you confused regarding the issue and the ways to mitigate it. So, here’s an easy guide that will help you understand and answer all your questions about WhatsApp’s spyware attack:
What is the WhatsApp spyware attack?
WhatsApp, earlier this week, detected a bug on its platform that allowed malicious actors to hack into users’ smartphones and steal all their data, which includes – their call logs, messages, photos, contacts, emails, location and other details. This bug could be installed on a smartphone – both Android smartphones and iPhones – by placing a WhatsApp call on their smartphones.
Even if a user didn’t receive the WhatsApp call, the spyware would install on his/her smartphone giving hackers unlimited access to their data. What’s more alarming is that the once installed, the spyware erases all call logs within WhatsApp giving users no means to confirm an attack.
Who is responsible for the WhatsApp spyware attack?
A report by the Financial Times noted that Israeli cyber security firm NSO used Pegasus – a program developed by the company that can turn on a phone’s camera and microphone to surf through the phone’s data – could be behind the attack. The company had reportedly been targeting a UK-based lawyer who helped a group of Mexican journalist, government critics and a man of Saudi Arabian dissent living in Canada sue NSO.
“It is upsetting but it is not surprising. Someone has to be quite desperate to target a lawyer, and to use the technology that is the very subject of the lawsuit,” the UK-based lawyer told The Gurdian.
NSO, on the other hand, has refuted all such claims saying that it cannot use its own technology to target an individual or an organisation. “NSO would not or could not use its technology in its own right to target any person or organisation, including this individual,” the cyber intelligence firm told the publication.
Who all is vulnerable to the attack?
All WhatsApp users using the company’s Android, iOS and Windows app – across the globe including India — are vulnerable to this security loophole. WhatsApp issued a Common Vulnerabilities and Exposures (CVE) notice informing cyber security experts about the attack. As per the CVE notice issued by the Facebook owned company all the WhatsApp users using — WhatsApp for Android v2.19.134 or less, WhatsApp Business for Android v2.19.44 or less, WhatsApp for iOS v2.19.51 or less, WhatsApp Business for iOS v2.19.51 or less, WhatsApp for Windows Phone v2.18.348 or less, and WhatsApp for Tizen v2.18.15 or less are succeptible to attack.
What is WhatsApp doing to mitigate this situation?
WhatsApp is investigating the matter. In the meantime, it has rolled out an update to secure its servers. The social messaging app has also rolled out a security patch to safeguard smartphones from the vulnerability.
In addition to this, the company has alerted the US Justice Department about the issue.
How can I safeguard my phone from the attack?
To safeguard yourself from the attack all you need to do is go to the Google Play Store or the Apple App Store and update the app on your smartphones.
In case you are worried, the bug doesn’t leave your WhatsApp call open to interception. And once you have updated the app, all your data is safe.