WhatsApp, one of the most popular social messaging apps in the world has recently detected a zero-day vulnerability on its platform. It can leave billions of WhatsApp users across the globe exposed to a spyware that hacks into users' smartphones to extract details like users' messages, call logs, emails, photos etc.
The scariest thing about this spyware is that it can slip on any WhatsApp users' smartphone without giving any clue that their devices have been infected. It takes place merely by a WhatsApp call. Shocked?
Icing on the cake is if you are wondering that ignoring or not receiving the call would save you from its impact, then you are wrong. As there is no running away from this spyware. Now, the only way to safeguard the data on your smartphone is by updating WhatsApp on your smartphone to the latest version, the one that includes a patch to this security loophole.
Everything you need to know about WhatsApp's Spyware Attack:
What is the WhatsApp spyware attack?
Earlier this week, WhatsApp detected a bug on its platform which allowed malicious actors to hack into users smartphones and steal their complete data. It includes, call logs, messages, photos, contacts, emails, location and other important details. This bug can also be installed on both Android smartphones and iPhones just by placing a WhatsApp call on their smartphones.
Even if a user didn't get the WhatsApp call, the spyware would automatically install on his/her smartphone. Hence, giving hackers unlimited access to their data. Also, once installed, the spyware erases all call logs within WhatsApp giving users no means to confirm an attack.
Who is responsible for this spyware attack?
A report by the Financial Times said Israeli cyber security firm NSO used Pegasus, a program developed by the company which can turn on a phone's camera and microphone to surf through the phone's data might be behind the attack. The company had reportedly been targeting a UK-based lawyer who helped a group of Mexican journalist, government critics and a man of Saudi Arabian dissent living in Canada sue NSO.
The UK-based lawyer told The Guardian, "It is upsetting but not surprising. Someone has to be quite desperate to target a lawyer, and to use the technology that is the very subject of the lawsuit."
Though NSO, on the other hand, has refuted all claims saying that it cannot use its own technology to target an individual or an organisation. "NSO would not or could not use its technology in its own right to target any person or organisation, including this individual," said the cyber intelligence firm.
Who all can be victim of the attack?
Sadly, all WhatsApp users using the company's Android, iOS and Windows app across the globe even India are likely to be victim of this security loophole. WhatsApp also issued a Common Vulnerabilities and Exposures (CVE) notice informing cyber security experts about the attack. According to the CVE notice issued by the Facebook owned company all the WhatsApp users using WhatsApp for Android v2.19.134 or less, WhatsApp Business for Android v2.19.44 or less, WhatsApp for iOS v2.19.51 or less, WhatsApp Business for iOS v2.19.51 or less, WhatsApp for Windows Phone v2.18.348 or less, and WhatsApp for Tizen v2.18.15 or less are likely to be attacked.
What action has been taken by WhatsApp to mitigate this situation?
WhatsApp is investigating the matter. It has rolled out an update, like a security patch to safeguard smartphones from the vulnerability and secure its servers. Adding to it, the company has also alerted the US Justice Department about the issue.
How can I protect my phone from the WhatsApp spyware attack?
To protect your phone from the attack you only need to go to the Google Play Store or the Apple App Store and update the app on your smartphones. Once you have updated the app, all your data is safe.