WhatsApp patches security flaw that lets attackers to deliver malware through calls

WhatsApp is urging its 1.5 billion users to update their app after the company detected sophisticated hacking attempts that may have targeted human rights activists.

The Facebook subsidiary said “an advanced cyber actor” exploited a security flaw and installed the malware by reaching targets on their mobile phones through WhatsApp’s call function, giving hackers access to private messages, location data and other information. The company said it detected the pattern of abnormal phone calls earlier this month and updated its servers on Friday. It issued new versions of its iPhone and Android apps on Monday.

“We believe a select number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”

WhatsApp did not identify the company. But the Financial Times, which first reported on the vulnerability, said the spyware was developed by Israel’s NSO Group, whose software is known to have been used against human rights activists. NSO denied any involvement.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said in a statement Tuesday. “NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”

WhatsApp said it has briefed several human rights groups to share information about the attack and to help them alert activists who may have been targeted by the spyware. WhatsApp has also notified the U.S. Department of Justice.

A London-based lawyer, who declined to be named due to the sensitivity, said he’d received several suspicious video WhatsApp calls beginning in March that would ring for a few seconds before cutting out. He said he reported the suspicious content to CitizenLab who worked with WhatsApp to determine the source of the activity. Citizenlab and WhatsApp confirmed that it was a way of delivering Pegasus spyware with “zero click,” he said. He added that the calls were from +46 and +35 dialing codes and added that the last attempt was two days ago.

As news of the platform hack began to spread worldwide, WhatsApp encouraged its 1.5 billion users to update to the latest version of the app in order to protect their privacy. The latest version is thought to better protect users against hacking.

But not all users were familiar with how to update the app, leading to a spike in people frantically googling “How to update WhatsApp?” Around the world people also searched for more information about the breach, although it is not yet known how many people were targeted by the hackers.

Worried about the WhatsApp hack? Here's how to update your app

Global messaging app WhatsApp, which boasts over a billion users, was targeted by hackers last month in a breach that saw mobile devices attacked through the voice calling functionality of the app.

While WhatsApp hasn’t specifically stated who or how many users were targeted, the platform urged users to update to the latest version of the app in order to protect their data and devices from hackers.

Unsure how to update your WhatsApp or how to check if you’re already running the newest version? Here’s everything you need to know:

iPhone Users

Open the App Store on your mobile device

Hit the tab ‘updates’ along the bottom right

If your WhatsApp has not been updated, a button will appear reading “update.” Tap and allow your device to install the latest version

If your app has been updated, there will be no update button, just one that reads “open.” No further action is required

If for any reason you have difficulty finding WhatsApp, search for it using the search tab on the bottom right

Ensure you are running the latest version: 2.19.51

Android Users

Open the Google Play Store on your mobile device

Tap the menu

Open the ‘My Apps & Games’ tab

If your WhatsApp requires an update, the tab will read “update.” Tap and allow your device to install the latest version

If your app has been updated, there will be no update button, just one that reads “open.” No further action is required

If for any reason you have difficulty finding WhatsApp, search for it in the Play Store

Ensure you are running the latest version: 2.19.134