WhatsApp said on Tuesday that a major security breach had allowed hackers to install spyware on some users’ phones by simply calling them through the app.
This malicious code could be installed whether or not the victim answered the call, and all record of the call disappeared from the phone after the spyware was installed.
The spyware is capable of trawling through calls, texts and other data, activating the phone’s camera and microphone and performing other malicious activities, according to reports.
But how do you know if you have been affected by the hack, and what should you do to protect yourself? Here’s what you need to know.
Which phones are affected?
All smartphones with WhatsApp or WhatsApp Business installed are affected.
This includes Apple’s iPhones, Android phones, Windows Phones and Tizen devices, according to Facebook , which owns WhatsApp.
1.5 billion people use WhatsApp globally.
SEE ALSO : WhatsApp to stop working on Windows phones
Am I affected?
The number of people affected by the hack is not yet known.
WhatsApp said it was still investigating the breach but believed only a “select number of users were targeted through this vulnerability by an advanced cyber actor.”
A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified.
The attack seems to have been primarily targeted at human rights campaigners.
If you haven’t received any WhatsApp voice calls or dropped calls from unknown callers then you have probably not been targeted.
However, you should still take steps to protect yourself, and if you happen to work for a human rights organisation you should be extra vigilant.
What should I do to protect myself?
WhatsApp has fixed the vulnerability on its end, but your account won’t be safe until you install the company’s latest app update .
That’s version 2.19.134 for Android, version 2.19.51 for iOS, version 2.18.348 for Windows Phone and version 2.18.15 for Tizen.
If your device doesn’t install app updates automatically, you can do it manually by going into the app store, searching for WhatsApp, and hitting the “update” button.
While you are at it, it is worth making sure your operating system is up to date, as this contains a lot of built-in security features designed to protect you from hackers.
WhatsApp said its advice to all users to update came “out of an abundance of caution” and a recommendation by Citizen Lab, a research group at the University of Toronto that it notified about the vulnerability before the announcement.
Who is behind the attack?
According to the Financial Times, secretive Israeli cybersecurity and intelligence company NSO Group developed the spyware.
NSO did not comment on the specific attacks, but said it would investigate any “credible allegations of misuse” of its technology.
The company said it never picks or identifies targets of its technology, “which is solely operated by intelligence and law enforcement agencies”.
“NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer),” it said.
A WhatsApp representative said the attack was sophisticated and had all the hallmarks of a “private company working with governments on surveillance.”
Kenyan Business Feed is the top Kenyan Business Blog. We share news from Kenya and across the region. To contact us with any alert, please email us to [email protected]