Whatsapp has discovered a vulnerability which has allowed attackers inject commercial Israeli spyware on to phones. According to The Financial Times, who first reported the discovery, attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call functionality.
To protect against this vulnerability, WhatsApp has urged its 1.5 billion users worldwide to update to the latest version. WhatsApp is currently in the stages of the investigation so it is unknown how many people may have been affected. Researchers at the University of Toronto’s Citizen Lab believe an attacker tried to target a human rights lawyer on Sunday.
WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software https://t.co/pJvjFMy2aw https://t.co/e8VQUraZWQ
— Citizen Lab (@citizenlab) May 13, 2019
In a statement, Whatsapp stated:
This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems, We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.
The Financial Times reported that WhatsApp disclosed the issue to the US Department of Justice last week. As of yet, the Irish Data Protection Commissioner says it has not been informed of any security breaches.
Here's is how to update your software: if you have an iPhone, go to the App Store and click updates. If you own an Android phone, got to the Play Store and tap update next to WhatsApp Messenger.