
WhatsApp spyware gave unwanted access to your phone's mic, photos, and more

WhatsApp Messenger screenshot (Image credit: Joe Maring / Android Central)

What you need to know

  • The vulnerability was first discovered in early May.
  • A fix has been rolled out on the server-side along with a new app update that was released last Friday.
  • It is believed the spyware used is from NSO Group, and it allows access to your mic, camera, messages, and more.

No matter what you're doing, if you have WhatsApp installed on your phone, you should update it now. In early May, Facebook discovered a vulnerability that would allow commercial-grade spyware to be installed on your phone through a call using WhatsApp.

While most spyware requires some action on the user's part, this new vulnerability did not. All that was required was to place a call to a phone with WhatsApp installed; you didn't even have to answer or interact with the call.

The software in question is believed to be called "Pegasus" and comes from Israel-based company NSO Group. Once installed, Pegasus has the ability to turn on the mic or camera on your device, as well as gain access to your photos, messages, location data, and emails. It can even edit the call log to erase all traces that it was installed.

It took Facebook less than 10 days to fix the exploit with a server-side fix, along with an update to the app last Friday which further secures you against the attack.

The vulnerability affected users of WhatsApp on all platforms, meaning you need to update your app immediately if you still have one of the versions prior to the following.

  • WhatsApp for Android v2.19.134
  • WhatsApp Business for Android v2.19.44
  • WhatsApp for iOS v2.19.51
  • WhatsApp Business for iOS v2.19.51
  • WhatsApp for Windows Phone v2.18.348
  • WhatsApp for Tizen v2.18.15
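
For checking more than one phone, the cut-off versions listed above can be applied to an app inventory. The following is an added example, not part of the original article: the inventory rows and device names are constructed, and versions are compared numerically per component because plain string comparison would rank 2.19.98 above 2.19.134.

```python
# First fixed builds, copied from the list in the article.
FIXED = {
    ("WhatsApp", "Android"): "2.19.134",
    ("WhatsApp Business", "Android"): "2.19.44",
    ("WhatsApp", "iOS"): "2.19.51",
    ("WhatsApp Business", "iOS"): "2.19.51",
    ("WhatsApp", "Windows Phone"): "2.18.348",
    ("WhatsApp", "Tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134) so components compare as integers."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(app, platform, installed):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed build."""
    fixed = FIXED.get((app, platform))
    if fixed is None:
        return "unknown"            # platform/app not covered by the list
    try:
        have = parse_version(installed)
    except ValueError:
        return "unknown"            # never guess on a malformed version
    want = parse_version(fixed)
    width = max(len(have), len(want))
    have = have + (0,) * (width - len(have))   # treat 2.19 as 2.19.0
    want = want + (0,) * (width - len(want))
    return "patched" if have >= want else "vulnerable"

# Constructed inventory (hypothetical export: device, app, platform, version).
INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.19.98"),
    ("phone-02", "WhatsApp", "Android", "v2.19.134"),
    ("phone-03", "WhatsApp", "iOS", "2.19.50"),
    ("phone-04", "WhatsApp Business", "Android", "2.19.44"),
    ("phone-05", "WhatsApp", "KaiOS", "2.1910"),
    ("phone-06", "WhatsApp", "Tizen", "n/a"),
]

def audit(rows):
    """Map each device name to its patch status."""
    return {dev: status(app, plat, ver) for dev, app, plat, ver in rows}

if __name__ == "__main__":
    for device, result in audit(INVENTORY).items():
        print(device, result)
```
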

Even though Facebook does not directly name the NSO Group, it appears to be the most likely culprit. A statement released from Facebook read:

"This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems."

The NSO Group has been known to work with governments in the past to target reporters or dissidents. It is believed that was also the case here and the attack was used against specific targets.

When speaking to the Financial Times, NSO Group said that it vets its customers and investigates abuse, but it is also careful to not involve itself with the actual applications of its software.

This is another reminder of how important it is to keep all the apps on your phone updated. Make sure to check for updates regularly so you don't leave your phone open to security vulnerabilities.


6 Comments
  • Is this build safe??? WhatsApp for Android v2.19.134
  • Yes. Anything prior, no.
  • So the spyware spreads simply by using WhatsApp to call another phone with the app installed, and the other person doesn't even have to answer the call. Glad I never used WhatsApp.
  • I wonder who were the users that were targeted.
  • It was originally written by NSO Group to spy on iPhones. I believe it was used by our CIA against Angela Merkel. Somebody took this iPhone exploit and ported it to Android. And I guess apparently it's working on most iPhones and a handful of Android phones right now. My guess is some government was going after iPhone owners again and messed up.
  • How did the program get access to the mic? Was it like a separate Android program, or did they alter the code of the WhatsApp client and use WhatsApp's right to access the mic? If it was the former, how can Android be so unsecure?