WhatsApp on Tuesday urged its 1.5 billion users to update the messaging app immediately because of a major security bug. The Facebook-owned platform discovered a vulnerability in the code that allowed a spyware to be installed on a user’s phone through a WhatsApp voice call, whether the call was answered or not. This spyware named Pegasus could potentially extract all the WhatsApp data from your smartphone, which include text messages, GPS location, email, browser history, images and more. Apparently, the spyware was developed by an Israeli cyber intelligence company for NSO Group, FT reported.
Without naming the cyber criminals, WhatsApp in a statement said that the attackers of a private company reportedly works with governments to deliver spyware, which takes over the functions of mobile phone operating systems. Reportedly, this spyware was used on May 12 to attack a UK attorney personnel phone, who happened to be involved in a lawsuit against NSO Group, although NSO denied all the allegations. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies”, NSO Group told FT.
WhatsApp, however, did not disclose any of the number of people that may have been affected by the vulnerability. It said that an investigation is being carried out, and the company has provided necessary information to US law enforcement agencies. The messaging company has already identified and fixed the vulnerability, and has asked all its users to update the app immediately. The vulnerability was reportedly discovered last month.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices. We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users,” WhatsApp spokesperson noted in a statement.
Watch Video: Jio Home IoT Solutions (Demo)
It’s been reported that the spyware installed via voice call doesn’t affect WhatsApp’s end-to-end encrypted text chats, but all other personal data like regular text messages (SMS), images, GPS location, email, browser history and more could be potentially extracted via the software.