What you need to know
- The vulnerability was first discovered in early May.
- A fix has been rolled out on the server-side along with a new app update that was released last Friday.
- It is believed the spyware used is from NSO Go and it allows access to your mic, camera, messages, and more.
No matter what you're doing, if you have WhatsApp installed on your phone, you should update it now. In early May, Facebook discovered the vulnerability that would allow commercial-grade spyware to be installed on your phone through a call using WhatsApp.
While most spyware requires some action on the user's part, this new vulnerability did not. All that was required was to place a call to a phone with WhatsApp installed, you didn't even have to answer or interact with the call.
The software in question is believed to be called "Pegasus" and comes from Israeli-based company NSO Group. Once installed, Pegasus has the ability to turn on the mic or camera on your device, as well as gain access to your photos, messages, location data, and emails. It can even edit the call log to erase all traces that it was installed.
It took Facebook less than 10 days to fix the exploit with a server-side fix, along with an update to the app last Friday which further secures you against the attack.
The vulnerability affected users of WhatsApp on all platforms, meaning you need to update your app immediately if you still have one of the versions prior to the following.
- WhatsApp for Android v2.19.134
- WhatsApp Business for Android v2.19.44
- WhatsApp for iOS v2.19.51
- WhatsApp Business for iOS v2.19.51
- WhatsApp for Windows Phone v2.18.348
- WhatsApp for Tizen v2.18.15
Even though Facebook does not directly name the NSO Group, it appears to be the most likely culprit. A statement released from Facebook read:
This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
The NSO Group has been known to work with governments in the past to target reporters or dissidents. It is believed that was also the case here and the attack was used against specific targets.
When speaking to the Financial Times, NSO Group said that it vets its customers and investigates abuse, but it is also careful to not involve itself with the actual applications of its software.
This is another reminder of how important it is to keep all the apps on your phone updated. Make sure to check for updates regularly and prevent leaving your phone open to security vulnerabilities.
Do you think smartphones can compete with professional cameras?
Smartphone cameras have seen a lot of advancements over the years. Do you think we're at the point where they can compete with professional camera gear?
Global phone sales set to hit a 10-year low, recovery likely next year
According to research firm CCS Insight, the COVID-19 outbreak could slow the global mobile phone market by 13% this year, with shipments predicted to hit a 10-year low. Sales of 5G phones, however, are expected to grow significantly, despite the overall slump in demand.
Zoom apologizes over security and privacy issues and freezes new features
Zoom has issued a public apology over several security and privacy flaws highlighted in its service. It has vowed to freeze new features for 90 days whilst it fixes them.
These are the best Ring devices you can get right now for your smart home
Despite having its share of negative publicity throughout 2019, Ring has continued to make some of the best home automation and security devices on the market. Here are some of our favorite Ring products for 2020.