Facebook announced Monday that its encrypted email application WhatsApp had been infected with spyware . Here’s how to detect if your device is touched.
Which devices are targeted?
The attack, allegedly carried out by NSO, an Israeli cyber-espionage group, targets some individuals in particular and not the majority of users, according to preliminary information. However, as it is impossible to know the identity of the people targeted at this time, all users of WhatsApp and WhatsApp Business on iOS, Android, Windows Phone and Tizen may have been infected.
Moreover, now that this flaw is known, other hackers could design spyware of their own to exploit it on a larger scale.
What are the signs of an attack?
To install the spyware, the group behind the attack had to make a voice call. The spyware could be installed even if the person on the other end of the line was not answering the call.
If you have already received a voice call through WhatsApp, you may have been targeted by the attack. Since you do not have to pick up the spyware to install, it is possible that you have received a malicious call without noticing it.
How to protect yourself?
The only way to guard against this attack without uninstalling WhatsApp is to update the application. To do this, go to your phone’s app store and search for WhatsApp (or WhatsApp Business, if applicable).
If your application is not up to date, you will have the option to upgrade.
Here is the list of protected versions against the attack, dated May 13, 2019:
WhatsApp for Android: 2.19.134
WhatsApp Business for Android: 2.19.44
WhatsApp for iOS: 2.19.51
WhatsApp Business for iOS: 2.19.51
WhatsApp for Windows Phone: 2.18.348
WhatsApp for Tizen: 2.18.15
All subsequent versions of WhatsApp should also protect you against this attack. As a security measure, be sure to always update all your applications as soon as possible.