WhatsApp hit by security spyware flaw – update immediately

Instant messaging app WhatsApp has revealed that it has just discovered a serious security flaw that could allow someone to spy on the device of a WhatsApp user just by calling them using the app.

WhatsApp also confirmed that it had discovered evidence that an unknown number of people have already been exploiting this flaw to spy on other WhatsApp users.

On Monday, WhatsApp advised all of its users to update the messaging app to the latest version as soon as possible. Here are your questions, answered.

What was the security flaw?

The security flaw (which was discovered in early May by the Instagram security team) allowed an attacker to call a user with the WhatsApp phone call feature and install spyware on the device being called, regardless of whether the user being called answered or not.

The flaw is a “buffer overflow” vulnerability. This is a common type of vulnerability in which a piece of software writes past the end of the memory it was meant to use (the buffer) and so ends up touching memory it should not have access to.

While Instagram found the flaw in early May, it confirmed that certain people had already begun taking advantage of it, meaning this is a zero-day vulnerability: people outside of Instagram had discovered the flaw and exploited it before Instagram had a chance to begin fixing it. As such, the usual security advice of keeping your apps up-to-date would not have worked in this case.

This is also a flaw that does not rely on any interaction on the part of the victim, since it did not matter whether the victim answered the call that initiated the attack. These are the most serious of security flaws.

Instagram has said that they have rendered the flaw inoperable and released an update that fixes it.


Who was exploiting this flaw?

WhatsApp has said that those exploiting the flaw were installing spyware developed by the NSO Group. This is an Israeli company that famously sells spyware and other types of surveillance software to governments in order to (they claim) help fight “crime and terror”.

However, their software is often linked to the surveillance of people such as human rights activists, lawyers and journalists. The NSO Group is often referred to as a “cyber-arms dealer”.

How many people were affected? Was I affected?

We don’t know, and probably not. But you need to update WhatsApp anyway.

It is likely, given that the spyware found was developed by the NSO Group, that the flaw and subsequent spyware were highly targeted (as opposed to being sent out en masse, which would increase the chances of discovery).

As such, the flaw and spyware were probably being used to spy on specific people, so the chances of the average WhatsApp user being targeted are quite low. However, the flaw is real, and other attackers could exploit it. So make sure you update (more on that below).


What could the spyware do?

The spyware that was developed by the NSO Group (which has been installed on devices as a result of the flaw) could most likely read WhatsApp messages. WhatsApp is famous for its end-to-end encryption, meaning theoretically only the sender and recipient can read messages sent in a chat. As such, software (spyware) that could monitor messages sent through WhatsApp would be highly sought after by those wishing to engage in surveillance.

It is not presently known if the spyware could reach outside the confines of a user’s device and spy on data contained within other apps.

How do I update WhatsApp?

Most users set the app to update automatically. If you don’t – or you’re unsure – follow the advice below.

Android
– Open the Google Play store.
– Tap the menu at the top left of the screen.
– Tap My Apps & Games.
– If WhatsApp has recently been updated, it appears in the list of apps with a button that says Open.
– If WhatsApp has not been automatically updated, the button says Update. Tap Update to install the latest version of the app.
– The latest version of WhatsApp on Android is 2.19.134.

iOS
– Open the App Store.
– At the bottom of the screen, tap Updates.
– If WhatsApp has recently been updated, it appears in the list of apps with a button that says Open.
– If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the latest version of the app.
– The latest version of WhatsApp on iOS is 2.19.51.
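
For anyone checking more than one phone, the same check can be run over a device inventory. This is an added example, not part of the original article: the CSV layout and device names are constructed, and it assumes the two version numbers above are the updated releases to compare against. Versions are compared number by number, because a plain text comparison would rank 2.19.51 above 2.19.134.

```python
# Added example: audit installed WhatsApp versions against the versions this
# article lists. The inventory rows below are constructed sample data.
import csv
import io

# Versions the article gives as the latest (updated) release per platform.
MIN_VERSION = {"android": "2.19.134", "ios": "2.19.51"}

# Constructed sample export; the column layout is an assumption.
SAMPLE_INVENTORY = """device,platform,whatsapp_version
phone-01,android,2.19.134
phone-02,android,2.19.98
phone-03,ios,2.19.51
phone-04,ios,2.19.50
phone-05,android,2.20.1
phone-06,ios,
phone-07,android,2.19.51
"""

def parse_version(text):
    """Turn '2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(platform, version):
    """True if version is older than the article's version for that platform."""
    minimum = parse_version(MIN_VERSION[platform.lower()])
    return parse_version(version) < minimum

def audit(inventory_csv):
    """Return {device: status} where status is 'ok', 'update' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            outdated = needs_update(row["platform"], row["whatsapp_version"])
        except (KeyError, ValueError, AttributeError):
            # Missing version or unlisted platform: unverified, never "ok".
            results[row["device"]] = "unknown"
            continue
        results[row["device"]] = "update" if outdated else "ok"
    return results

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(device, status)
```
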
