WhatsApp are advising users to update their app after finding and fixing major security flaws.
Can you imagine life without WhatsApp? We once tried it for a week, and found it pretty tough going.
A whopping 84% of online UK adults aged 25-34 year olds use the app to send texts and voice notes, in lieu of actual phone conversations. It’s convenient, fast and – thanks to those double blue ticks – easy to monitor who’s giving you the cold shoulder, just because they don’t immediately reply.
But Tuesday’s (14 May) news about a cyber attack on the app, is enough to make anyone reconsider how they use it.
WhatsApp have confirmed that hackers were recently able to remotely install surveillance software on phones and other devices by using the messaging app. They also stated that a fix was rolled out last Friday, but are still advising its 1.5 billion users to update the app as an extra precaution.
The Financial Times has reported that the attack was developed by Israeli security firm NSO Group. It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call went unanswered, the surveillance software would be installed and, according to the FT report, would often disappear from the call list.
WhatsApp – which is owned by Facebook – told the BBC that the attack was detected by its security team. They then shared the information with human rights groups, security vendors and the US Department of Justice earlier this month.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a briefing document note. They also said that it was too early to know how many users had been targeted.
Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.
But NSO Group responded to report, saying: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual.”
Just for peace of mind, it might be a good idea to make that quick update.