Whatsapp spyware hack makes it vulnerable

iPhones vulnerable to spyware – here’s how to fix it

You might have more in common with murdered journalist Jamal Khashoggi than you think – a vulnerable version of WhatsApp on your smartphone that leaves you open to spyware attacks.

But don’t worry too much — just make sure that you’ve installed the latest update for Facebook’s messaging app for your iPhone (see below). This includes the patch which closes the vulnerability and shut out the spyware. Once installed, you can breath (a little) easier.

Now listen close to the spyware saga

In a fast-moving Spy vs. Spy story first mentioned in the Financial Times, a spyware has been uncovered being distributed via a WhatsApp vulnerability. All the distributors of said spyware had to do to plant their wares on the targeted iPhone was to call it – and the person on the other end doesn’t even need have to accept the call. Bingo, the spyware was in place and could  do about everything.

This spyware has been found on the phones of some friends of Khashoggi – might have also been on his phone, and on the phone of a human rights lawyer investigating a certain company in Israel.

The suspect says no

The firm identified in the press with this spyware is NSO Group, an Israeli-Lebanese firm. They have a history of using various vulnerabilities to plant their Pegasus spyware in smartphones. However, there are almost no public records of who they sell their wares to. NGO says it definitely didn’t do any hacking itself. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” said the company in a statement.

They also added that they do not operate their software system directly, leaving it up to intelligence and law enforcement personnel to make these decisions. This does leave the door open that their clients, through some mysterious set of circumstances, may misuse the technology.

Not just another Facebook privacy issue

WhatsApp is owned by Facebook – a company not well known for respecting user privacy and data. But in this case, WhatsApp is doing the right thing and doing it quickly. After discovering the vulnerability earlier this month, they have quickly worked on a patch and distributed it. They have also indirectly fingered NSO as the culprit and contacted an interesting assortment of human rights groups and the US Department of Justice to share information about the situation.

There are things not known

In this fast-evolving situation, there are still many unclear details such as how many phones were infected by the spyware and if already infected phones will be safe to use after the patch.

4 easy steps to make sure your phone is secure

Protecting your device is also your responsibility. If you have an iPhone, please update your WhatsApp to version 2.19.51.

This can be done with 4 easy steps:

  • Open the “App Store” on your iPhone
  • Select “Updates”
  • To search for new updates, tap near the top of the screen near the “Updates” text, then hold and pull down, then release
  • Select “Update all” to install the updates

If you are unsure whether your WhatsApp is updated to the lates version just take a look at the list below:

WhatsApp for Android: 2.19.134
WhatsApp Business for Android: 2.19.44
WhatsApp for iOS: 2.19.51
WhatsApp Business for iOS: 2.19.51
WhatsApp for Tizen: 2.18.15
WhatsApp for Windows Phone: 2.18.348

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.