All users advised to upgrade following WhatsApp Vulnerability


WhatsApp and the National Cyber Security Centre (NCSC) have urged users to update their messaging app after it was revealed that hackers could inject spy software on to phones via the call function.

The Facebook-owned company said the spyware was spread by an “advanced cyber actor”, and infected multiple mobile phones using a major vulnerability in the app.

The spyware, developed by the secretive Israeli spyware company NSO Group, has the ability to give hackers full access to a phone remotely, allowing them to read messages, see contacts and activate the camera.

WhatsApp confirmed that a “select number” of users had been victims and that the bug affects all but the latest version of the app on iOS and Android.

A WhatsApp spokesman said the flaw was discovered while “our team was putting some additional security enhancements to our voice calls” and that engineers found that people targeted for infection “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped”.


“We are deeply concerned about the abuse of such capabilities,” WhatsApp said in a statement.

The attack involved cyber hackers using WhatsApp’s voice calling function to ring a device. The surveillance software would then be installed, even if that call was not picked up.

The National Cyber Security Centre, the cyber arm of GCHQ, warned WhatsApp users about the vulnerability and urged them to update their apps.

“It’s important to apply these updates quickly, to make it as hard as possible for attackers to get in,” 

The vulnerability was also used to target a researcher at Amnesty International, which is fighting for the NSO Group to have its export license withdrawn by the Israeli government.

WhatsApp said that teams of engineers had worked around the clock in San Francisco and London to close the vulnerability. It began rolling out a fix to its servers on Friday last week, WhatsApp said, and issued a patch for customers on Monday.

NSO said it had carefully vetted customers and investigated any abuse. Asked about the WhatsApp attacks, NSO said it was investigating the issue.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said.

“NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual [the UK lawyer].”

What app versions have been affected?

WhatsApp have said that it was a targeted campaign and that “dozens” of accounts could have been affected.

The affected versions of the app are:

  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp for Tizen prior to v2.18.15
  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for Windows Phone prior to v2.18.348
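For anyone managing a fleet of handsets, the list above can be checked against a device inventory. The following is an added example, not code from WhatsApp or the NCSC: the fixed-version thresholds are copied from the list, while the inventory rows, device names and function names are constructed for illustration. It compares versions numerically, because a plain string comparison would wrongly rank 2.19.98 above 2.19.134.

```python
import re

# First fixed version per (app, platform), copied from the list above.
FIXED_IN = {
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp", "tizen"): "2.18.15",
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "windows phone"): "2.18.348",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); None if not purely dotted-numeric."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(app, platform, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one installed app."""
    fixed = FIXED_IN.get((app.strip().lower(), platform.strip().lower()))
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # unlisted build or odd version string: review by hand
    fixed_t = parse_version(fixed)
    # Pad to equal length so that 2.19 compares as 2.19.0.
    width = max(len(installed), len(fixed_t))
    pad = lambda t: t + (0,) * (width - len(t))
    return "vulnerable" if pad(installed) < pad(fixed_t) else "patched"

# Constructed inventory rows: (device, app, platform, installed version).
INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.19.98"),
    ("phone-02", "WhatsApp", "Android", "2.19.134"),
    ("phone-03", "WhatsApp", "iOS", "v2.19.51"),
    ("phone-04", "WhatsApp Business", "Android", "2.19.9"),
    ("phone-05", "WhatsApp", "Windows Phone", "2.18.348-beta"),
]

def audit(rows):
    """Map each device name to its classification."""
    return {dev: classify(app, plat, ver) for dev, app, plat, ver in rows}

if __name__ == "__main__":
    for device, status in audit(INVENTORY).items():
        print(device, status)
```

Devices reported as "unknown" carry a version string or platform the list does not cover and need a manual check rather than being assumed safe.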
