WhatsApp urges users to update their app after a serious security breach was discovered.
Concerns were raised that hackers could inject spy software onto phones via the call function.
The Facebook-owned company said the spyware was spread by an “advanced cyber actor”, and infected multiple mobile phones using a major vulnerability in the app.
The spyware, developed by Israeli spyware company NSO Group, has the ability to give hackers full access to a phone remotely, allowing them to read messages, see contacts and activate the camera.
WhatsApp confirmed that a “select number” of users had been victims and that the bug affects all but the latest version of the app on iOS and Android.
WhatsApp said it had referred the incident to the US Department of Justice.
The attack involves cyber hackers using WhatsApp’s voice calling function to ring a device. The surveillance software would then be installed, even if that call was not picked up.
The Financial Times reported that cyber hackers had been using the loophole up until Sunday evening, when it was used to target a UK-based human rights lawyer.
A spokesman for NSO, which is believed to sell its spyware to intelligence agencies and nation states, said that it was investigating the issue. The spokesman said NSO “would not, or could not” use its own technology to target “any person or organisation”, including the UK lawyer, reports The Telegraph.
The vulnerability was also used to target a researcher at Amnesty International, which is fighting for the NSO Group to have its export license withdrawn by the Israeli government.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said.
They also stated that they had carefully vetted customers and investigated any abuse.
WhatsApp, with more than 1.5 billion users, immediately fixed the issue and pushed out a patch. WhatsApp also provided information to US law enforcement officials to assist in their investigation.
A WhatsApp spokesman said the flaw was discovered while “our team was putting some additional security enhancements to our voice calls” and that engineers found that people targeted for infection “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped”.
“We are deeply concerned about the abuse of such capabilities,” WhatsApp said in a statement.
(You are looking for an update dated May 10 or later, with version 2.19.134 or later.)
For iPhone Users – go to the App Store, tap on “Updates” and refresh, then tap Update next to WhatsApp Messenger.
For Android Users – go to the Play Store, tap on the Hamburger Menu, then select “My Apps and Games”, tap Update next to WhatsApp Messenger.
For Windows Mobile 10 – go to the Microsoft Store, tap on the Hamburger Menu, select “Downloads and Updates”, then tap Update next to WhatsApp Messenger.