What you need to know
- The vulnerability was first discovered in early May.
- A fix has been rolled out on the server-side along with a new app update that was released last Friday.
- It is believed the spyware used is from NSO Go and it allows access to your mic, camera, messages, and more.
No matter what you're doing, if you have WhatsApp installed on your phone, you should update it now. In early May, Facebook discovered the vulnerability that would allow commercial-grade spyware to be installed on your phone through a call using WhatsApp.
While most spyware requires some action on the user's part, this new vulnerability did not. All that was required was to place a call to a phone with WhatsApp installed, you didn't even have to answer or interact with the call.
The software in question is believed to be called "Pegasus" and comes from Israeli-based company NSO Group. Once installed, Pegasus has the ability to turn on the mic or camera on your device, as well as gain access to your photos, messages, location data, and emails. It can even edit the call log to erase all traces that it was installed.
It took Facebook less than 10 days to fix the exploit with a server-side fix, along with an update to the app last Friday which further secures you against the attack.
The vulnerability affected users of WhatsApp on all platforms, meaning you need to update your app immediately if you still have one of the versions prior to the following.
- WhatsApp for Android v2.19.134
- WhatsApp Business for Android v2.19.44
- WhatsApp for iOS v2.19.51
- WhatsApp Business for iOS v2.19.51
- WhatsApp for Windows Phone v2.18.348
- WhatsApp for Tizen v2.18.15
Even though Facebook does not directly name the NSO Group, it appears to be the most likely culprit. A statement released from Facebook read:
This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
The NSO Group has been known to work with governments in the past to target reporters or dissidents. It is believed that was also the case here and the attack was used against specific targets.
When speaking to the Financial Times, NSO Group said that it vets its customers and investigates abuse, but it is also careful to not involve itself with the actual applications of its software.
This is another reminder of how important it is to keep all the apps on your phone updated. Make sure to check for updates regularly and prevent leaving your phone open to security vulnerabilities.
We may earn a commission for purchases using our links. Learn more.
You can now pre-order Motorola’s foldable RAZR on Verizon for $1,500
Motorola's foldable RAZR reboot is finally up for pre-order in the U.S for $1,500.
Are you going to keep your Galaxy S10 throughout 2020?
There are a lot of exciting phones set to come out in 2020, but the Galaxy S10 still has plenty of kick left in it. If you own the phone, do you plan on keeping it throughout this year?
Samsung will give away Galaxy Buds+ with S20+ and S20 Ultra pre-orders
Samsung's Galaxy S20 series will be here before you know it, and when pre-orders open up, you'll be able to get your hands on the new Galaxy Buds+ for free.
Have small ears? There are still headphones out there for you
Having trouble finding headphones that fit well with your small ears? Here are a few of our favorite ones that are sure to be a great match!