WhatsApp has urged its 1.5 billion users globally to update their app to protect against “potential targeted exploits” after it discovered a vulnerability that allows spyware to be installed on users’ phone. The Facebook-owned company said it had, earlier this month, identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices. It has also made changes to its infrastructure to deny the ability for this attack to take place, it added.
Without naming the attacker, WhatsApp said the attack has all the hallmarks of a private company that reportedly works with governments to deliver spyware, which takes over the functions of mobile phone operating systems. In an emailed statement, a WhatsApp spokesperson said the company encourages people to upgrade to the latest version of its app, and to keep their mobile operating system up-to-date.
“(This will help) protect against potential targeted exploits designed to compromise information stored on mobile devices. We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users,” the spokesperson added.
According to reports, the spyware was allegedly developed by Israeli cyber intelligence company NSO Group. The vulnerability allowed installation of spyware on the device through a WhatsApp voice call – irrespective of whether the call was answered or not.
WhatsApp – which is end-to-end encrypted – did not disclose of the number of people that may have been affected by the vulnerability. India has the largest base of WhatsApp users globally with well over 200 million users. The company said it has launched an investigation into the matter, and has also provided information to US law enforcement agencies to help them conduct an investigation.