Users are being urged to update their WhatsApp smartphone apps immediately because of a security bug that allows hackers to take over your phone by simply calling it, whether or not you answer.
What has happened?
A vulnerability in the popular Facebook-owned messaging service has been discovered that allowed hackers to install spyware through an infected WhatsApp voice call.
The spyware is capable of trawling through calls, texts and other data, activating the phone’s camera and microphone and performing other malicious activities.
All brands of phones with WhatsApp or WhatsApp Business installed are affected, including Apple’s iPhone (iOS), Android phones, Windows Phones and Tizen devices, according to Facebook. WhatsApp is used by 1.5 billion people globally.
Who is behind the attack?
According to the Financial Times, Israeli cyber intelligence company NSO Group developed the spyware. Users did not even have to accept the call, and it was often hidden from logs, the paper said.
Has it affected me?
The number of people spied on is not yet known. A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified.
What do I need to do to protect myself?
Facebook implemented a server-side change to help protect users and pushed out updates for the various smartphone WhatsApp versions on Monday.
Users are strongly advised to check for updates manually through the Apple App Store on an iPhone, Google Play or similar on an Android device, the Microsoft Store on Windows Phones and the Galaxy app store on Tizen devices.
If you haven’t received any WhatsApp voice calls or dropped calls from unknown parties then you have probably not been targeted. But if you happen to be a lawyer or work in sensitive industries and use WhatsApp, even for personal correspondence, you should be especially vigilant.