hatsapp has confirmed it discovered a security weakness in its app that can let hackers install a spyware software on users phones without the users’ knowledge. The flaw has been discovered and an update has been developed and released to remediate the flaw however, users are skeptical saying that some users might have been attacked.
On Friday, Whatsapp started rolling out updates to fix the flaw which they say was exploited by an advanced cyber-actor.
Whatsapp first discovered the flaw early in May. The surveillance software which was successfully installed by hackers was developed by an Israeli firm NSO Group, Financial Times reported. Facebook which owns Whatsapp has advised the messaging app users to update their apps to the latest version. Over 1.5 billion people use Whatsapp worldwide.
Whatsapp’s assurance to its users is that the app is a messaging platform which provides end-to-end encrypted messages meaning that messages cannot be read except by the devices of the parties involved. However, the surveillance software can let an attacker to read the messages on targeted devices.
The spyware’s method of exploit involves a hacker calling a targeted user via the app and in the process send and install the surveillance spyware on users’ phones including iPhones and Androids. The spyware is capable of installing itself on the user’s phone even if the user did not pick the call.
The spyware known as Pegasus can seize control of a users’ phone camera and microphone and consequently track movement and record calls.
Experts are still analyzing the implications or impacts while some believe that for iPhone users, there are possibilities that the spyware may not totally be successful as iPhone’s operating system software, the iOS software runs within highly secure modules referred to as sandboxes.
All users of Whatsapp has been advised to update their Whatsapp to the latest version.