WhatsApp has urged its 1.5 billion users to upgrade the app after the Facebook-owned platform discovered a vulnerability that allowed a spyware to be installed on users' phones via the app's phone call function. The app's calling function is one that is widely used by a lot of WhatsApp users especially if you're in different countries.
The spyware was allegedly developed by the Israeli cyber intelligence company NSO Group, reports the Financial Times. The vulnerability leveraged a bug in WhatsApp's audio call feature, facilitating the installation of spyware on the device being called whether the call was answered or not. WhatsApp said it has fixed the vulnerability that was discovered last month. The company has also issued a statement that users should update the app as soon as possible.
"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices, the company said in a statement.
The Israel-based NSO Group works for the government, looking to infect targets of investigations and gain access to various aspects of their devices.
"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," the WhatsApp statement read, without mentioning the NSO Group.
NSO Group told the Financial Times: "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies".
"NSO would not or could not use its technology in its own right to target any person or organization," the company added. NSO limits sales of its spyware called Pegasus to state intelligence agencies and others. The software has the ability to collect intimate data from a target device.
According to WhatsApp, it suspects a relatively small number of users were targeted. At any rate, users should update the app to steer clear of any privacy infringements.
"This is, as you can imagine, an extremely severe security hole, and it is difficult to fix the window during which it was open, or how many people were affected by it," reports TechCrunch.
WhatsApp has a reputation for being rather secure when it comes to dealing with user's data and this seems to be a move that has marred the company's reputation. The average user can only update the app so that it doesn't happen to them.