WhatsApp patches security flaw that lets attackers to deliver malware through calls | TribLIVE.com
News

WhatsApp patches security flaw that lets attackers to deliver malware through calls

The Washington Post
1154661_web1_ptr-whatsappicon-051519

WhatsApp is urging its 1.5 billion users to update their app after the company detected sophisticated hacking attempts that may have targeted human rights activists.

The Facebook subsidiary said “an advanced cyber actor” exploited a security flaw and installed the malware by reaching targets on their mobile phones through WhatsApp’s call function, giving hackers access to private messages, location data and other information. The company said it detected the pattern of abnormal phone calls earlier this month and updated its servers on Friday. It issued new versions of its iPhone and Android apps on Monday.

“We believe a select number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”

WhatsApp did not identify the company. But the Financial Times, which first reported on the vulnerability, said the spyware was developed by Israel’s NSO Group, whose software is known to have been used against human rights activists. NSO denied any involvement.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said in a statement Tuesday. “NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”

WhatsApp said it has briefed several human rights groups to share information about the attack and to help them alert activists who may have been targeted by the spyware. WhatsApp has also notified the U.S. Department of Justice.

A London-based lawyer, who declined to be named due to the sensitivity, said he’d received several suspicious video WhatsApp calls beginning in March that would ring for a few seconds before cutting out. He said he reported the suspicious content to CitizenLab who worked with WhatsApp to determine the source of the activity. Citizenlab and WhatsApp confirmed that it was a way of delivering Pegasus spyware with “zero click,” he said. He added that the calls were from +46 and +35 dialing codes and added that the last attempt was two days ago.

As news of the platform hack began to spread worldwide, WhatsApp encouraged its 1.5 billion users to update to the latest version of the app in order to protect their privacy. The latest version is thought to better protect users against hacking.

But not all users were familiar with how to update the app, leading to a spike in people frantically googling “How to update WhatsApp?” Around the world people also searched for more information about the breach, although it is not yet known how many people were targeted by the hackers.


Worried about the WhatsApp hack? Here’s how to update your app

Global messaging app WhatsApp, which boasts over a billion users, was targeted by hackers last month in a breach that saw mobile devices attacked through the voice calling functionality of the app.

While WhatsApp hasn’t specifically stated who or how many users were targeted, the platform urged users to update to the latest version of the app in order to protect their data and devices from hackers.

Unsure how to update your WhatsApp or how to check if you’re already running the newest version? Here’s everything you need to know:

iPhone Users

Open the App Store on your mobile device

Hit the tab ‘updates’ along the bottom right

If your WhatsApp has not been updated, a button will appear reading “update.” Tap and allow your device to install the latest version

If your app has been updated, there will be no update button, just one that reads “open.” No further action is required

If for any reason you have difficulty finding WhatsApp, search for it using the search tab on the bottom right

Ensure you are running the latest version: 2.19.51

Android Users

Open the Google Play Store on your mobile device

Tap the menu

Open the ‘My Apps & Games’ tab

If your WhatsApp requires an update, the tab will read “update.” Tap and allow your device to install the latest version

If your app has been updated, there will be no update button, just one that reads “open.” No further action is required

If for any reason you have difficulty finding WhatsApp, search for it in the Play Store

Ensure you are running the latest version: 2.19.134

Categories: Business | News
TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.