Critical security advisory: WhatsApp vulnerability

WhatsApp

WhatsApp has reported that a security vulnerability in the app was exploited to install the NSO Pegasus spyware in certain iPhones and Android phones. The spyware can be installed by calling a target device. Even if the call is missed, the device could still be infected. The Financial Times has reported that a log of the call could disappear from the device, leaving no trace that the device was called and infected if the user of the device missed the call. The spyware can retrieve your calls, messages and data, and activate your camera and microphone, among malicious activities.

WhatsApp has stated the the vulnerability has been fixed in a recent update to the app. We urge all our readers to upgrade the app on your phone as soon as possible. If you noticed an incoming call that later disappeared from your call log, we advise that you erase / reset your phone.

In general, we advise updating your device's OS (such as iOS or Android) and apps as often as possible so that you have the latest security patches installed on your phone. We further advise purchasing your devices from only those manufacturers that have a reputation of keeping the OS updated for at least as long as you plan to use the device.

For more details regarding the security vulnerability in WhatsApp, please see https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/

For more information on keeping yourself safe and secure online, please visit https://security.sflc.in/