Critical WhatsApp vulnerability enabled smartphones to be spied
As Facebook now announces, there was a critical security flaw in Messenger WhatsApp. This made it possible to install monitoring software on a smartphone. Numerous Android devices, iPhones and Windows Phones are affected.
Currently reported Heise, directly on the appeal of a Facebook security message from a critical loophole. This affects the popular WhatsApp messenger. A vulnerability made it possible to smuggle spy software onto the respective smartphone. This loophole was in the WhatsApp call feature. The loophole was not discovered until the beginning of May - it was closed after a few days.
Critical WhatsApp vulnerability: all the details
According to the New York Times the Israeli company NSO is suspected to be behind the attack. They are also said to have sold the software to governments in order to spy on users. Hackers could also have had access to this software; exact details have not yet been clarified. According to the company, however, only secret services and security authorities should have had access to the software. This vulnerability enabled the attacker to send so-called SRTCP packets to the victim - these caused a memory error in the system (buffer overflow). This action could then run malware.
Users could not prevent the gap - a WhatsApp call was enough. This didn't even have to be accepted. Sometimes the attackers were even able to delete the entry from the call list. Then the espionage software "Pegasus" was installed. Whatsapp turned on the US government agencies to investigate.
The installed Trojan can, among other things, access the microphone and camera of a telephone, collect location data, and also search the user's e-mails and SMS. The software is also not noticeable in "normal operation".
These versions are affected by the WhatsApp vulnerability
Facebook has already rolled out a corresponding update to fix the vulnerability. The following versions are already safe. All versions below are affected by the vulnerability:
- Android: v2.19.134 (check the currently installed version under: WhatsApp> Settings> Help> App Info)
- Business for Android: v2.19.44
- iOS: v2.19.51 (check the currently installed version under: WhatsApp> Settings> Help> App Info)
- Business for iOS: v2.19.51
- Tizen: v2.18.15
- Windows Phone: v2.18.348 (currently installed version: Store> Downloads> History> WhatsApp)
It is also unclear which and how many users are or were specifically affected. Since you don't know who is affected, you should update as soon as possible. Not only WhatsApp itself, but also its operating system should be updated (if an update is available).