A WhatsApp vulnerability was found that allowed the installation of spyware on affected mobile phones. Apparently an unknown number have been able to exploit this flaw at the level of government appeal.
The flaw was found and exposed by Facebook itself, which has since corrected the flaw. It consisted of the exploration of a bug in the audio calls that allowed the installation of the spywares.
This happened regardless of the victim responding to the call or not. Due to the severity of the failure, it will be very difficult to determine how many people have been affected and for how long.
For now the company suspects that only a small number of people have been victims of this attack. Due to the non-trivial nature of the attack, it is likely that there were specific targets.
What should you do now?
The simplest way to keep yourself safe is to update the application as soon as possible. Go to the Google Play Store or Apple App Store and upgrade to the latest version that no longer has this type of problem.
Spyware started from a private company
Eventually, it was discovered that the spyware that was being installed belongs to a company called the NSO Group. The program is called Pegasus and is usually licensed to governments to infect and investigate suspicious individuals’ devices in certain situations.
Therefore, it can be considered an espionage tool, something that no company wants to see being used in its application. WhatsApp claims to have taken 10 days to change the code and leave the Pegasus useless within the application.
The NSO Group said it was investigating the situation and made a statement where they basically ‘wash their hands’ of the matter. The company claims that it analyzes and investigates possible customer abuse but does not take responsibility for how the code is used.
Either way, the best way to avoid such situations as users is to keep the app up to date. Additionally, we should not answer numbers of strangers if they call us on WhatsApp because it is a more personal form of contact, so an unknown number is more suspicious.