What you need to know
- The vulnerability was first discovered in early May.
- A fix has been rolled out on the server-side along with a new app update that was released last Friday.
- It is believed the spyware used is from NSO Go and it allows access to your mic, camera, messages, and more.
No matter what you're doing, if you have WhatsApp installed on your phone, you should update it now. In early May, Facebook discovered the vulnerability that would allow commercial-grade spyware to be installed on your phone through a call using WhatsApp.
While most spyware requires some action on the user's part, this new vulnerability did not. All that was required was to place a call to a phone with WhatsApp installed, you didn't even have to answer or interact with the call.
The software in question is believed to be called "Pegasus" and comes from Israeli-based company NSO Group. Once installed, Pegasus has the ability to turn on the mic or camera on your device, as well as gain access to your photos, messages, location data, and emails. It can even edit the call log to erase all traces that it was installed.
It took Facebook less than 10 days to fix the exploit with a server-side fix, along with an update to the app last Friday which further secures you against the attack.
The vulnerability affected users of WhatsApp on all platforms, meaning you need to update your app immediately if you still have one of the versions prior to the following.
- WhatsApp for Android v2.19.134
- WhatsApp Business for Android v2.19.44
- WhatsApp for iOS v2.19.51
- WhatsApp Business for iOS v2.19.51
- WhatsApp for Windows Phone v2.18.348
- WhatsApp for Tizen v2.18.15
Even though Facebook does not directly name the NSO Group, it appears to be the most likely culprit. A statement released from Facebook read:
This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
The NSO Group has been known to work with governments in the past to target reporters or dissidents. It is believed that was also the case here and the attack was used against specific targets.
When speaking to the Financial Times, NSO Group said that it vets its customers and investigates abuse, but it is also careful to not involve itself with the actual applications of its software.
This is another reminder of how important it is to keep all the apps on your phone updated. Make sure to check for updates regularly and prevent leaving your phone open to security vulnerabilities.
Could you replace your home internet with just your phone's data plan?
In-home internet is an expensive monthly bill. If you had to, could you cancel it and rely solely on your phone's data plan?
Qualcomm's new wearables chip is still generations behind the competition
The Snapdragon 4100 series is a big improvement over what we had before, but is still literally generations behind the competition — and it's going to show in the consumer products.
ASUS to unveil the ROG Phone 3 at a ‘Game Changer’ event on July 22
The much-awaited ASUS ROG Phone 3 will break cover at the company's 'Game Changer' event on July 22. ASUS' upcoming flagship gaming phone is expected to be powered by Qualcomm's unannounced Snapdragon 865+ chipset.
Best Long-lasting Hard Drives for Synology NAS in 2020
One of the main considerations when buying a hard drive for your NAS is long-term reliability. Drives in a NAS enclosure run 24/7, and as such they need to deliver the same level of performance after several months and years. These are the best long-lasting hard drives for your Synology NAS in 2020.