WhatsApp attack: what you need to know

Who is behind it and what should you do next to protect your data?

All versions of WhatsApp across all operating systems are vulnerable to the spyware. Photograph: iStock

All versions of WhatsApp across all operating systems are vulnerable to the spyware. Photograph: iStock

 

Have you updated your WhatsApp lately? If you haven’t you might want to make it a priority.

An update for the messaging app was pushed out in the past few days amid reports that a security vulnerability could have left users open to spyware being installed on their phones without their knowledge - and all through an infected WhatsApp call.

How does it happen?

The vulnerability allows hackers to install spyware on your phone that will trawl through everything - contacts, messages, calls and other data - without the phone owners knowledge. Unlike other attacks, you don’t have to click on a suspicious link or open a file; it can be injected into the phone through a missed WhatsApp call. The software can also activate the phone’s camera and microphone without your knowledge, which turns your phone into a convenient means of spying.

In some cases, the call logs were cleared so the missed call may not have even shown up for some users.

WhatsApp said it fixed the vulnerability earlier this month, making changes to its infrastructure to stop the attacks from taking place, but there are suspicions that there was aan attempt to exploit it again over the weekend.

Who is behind the malware?

According to the Financial Times, the software being used was developed by Israeli cyber intelligence company NSO Group. Its technology is used by intelligence agencies and governments, and the company told the paper that it would not be able use its own technology to target individuals.

Who does it affect ?

All versions of WhatsApp across all operating systems are vulnerable. That means iOS, Android, Tizen and Windows Phones. And if you are using WhatsApp Business, that is also affected.

A handful of victims have been identified, including a human rights lawyer in the UK. it is not yet known if any Irish victims have been identified.

If you have any suspicious missed WhatsApp calls though, you might be affected.

What do I need to do?

WhatsApp pushed out an update for the messaging app on Monday, and has urged users to install the latest version of the app.

If you want to keep using the app, you should check for updates on the App Store for iPhone users, Google play for Android devices, the Galaxy app store if you are running a Tizen device, and the Microsoft Store for those using a Windows Phone.

But you would be forgiven for skipping the latest update inadvertently. Neither the iOS nor the Android version of the app list security fixes in the notes on the new release. The iOS version concentrates on the ability to view stickers in full size, and Android lauds the ability to make group voice and video chats more easily.

How exactly do I update my app?

On iOS, go to the App Store. Search for WhatsApp. If an update is available, it will give you the option to update the app. If not, it will display a button to open the app.

Alternatively, you can choose the Updates tab from the bottom of the screen, and scroll down to WhatsApp. If there is an update available that has yet to be installed, you’ll see the update button displayed beside the app.

On Android, the best way to update your apps on most Android phones is through the Play Store. Tap the Menu button, and select My Apps and Games. If WhatsApp has a new version available, there will be an Update label on it.

The more obvious solution to the problem is to ditch WhatsApp altogether and move to an alternative messaging platform - Signal, for example.

What version should I have?

If you are on Apple’s system, you should have WhatsApp version 2.19.51. For Android users it varies with device - for most it will be version 2.19.134 - but the most recent update was pushed out on May 10th.

Anything else?

Make sure your device’s operating system is as up to date as possible, and keep your apps up to date to close off as many potential security holes as possible.