WhatsApp users everywhere: Update your app now. A vulnerability in the app has allowed one company to install surveillance software on both iPhones and Android phones by calling users on the app, regardless of whether they answered. Worse, after a call was placed and software installed, the call could also be removed from the log, leaving no evidence that a call ever occurred.
According to WhatsApp, a Facebook-owned app with over 1.5 billion users, it’s not currently known how many users have been targeted.
As reported by the Financial Times, attackers from an Israeli company, NSO Group, are responsible for the breach. The company is known for its “Pegasus” malware—supposedly limited to use by intelligence agencies—and can be used to collect data including location, emails, contacts, browser history, and the ability to turn on any user’s microphone and camera. NSO Group markets this software for its ability to stop crime and terrorism.
WhatsApp learned of the hack earlier this month, and as of Monday, is urging users to update the app as a precaution. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society,” WhatsApp said in a statement.
This news comes after a UK-based lawyer—involved in a civil case between a number of Mexican journalists and government critics suing NSO Group in Israel—was reportedly targeted by this very software.
Updating is easy; on an iPhone, go to the App Store and tap “Update” next to WhatsApp (or “Update all” if you want to update every app). You should be on version 2.19.51.
On an Android, go to the Play Store, tap the menu, tap “Apps and games”, tap “Updates,” and tap “Update” next to WhatsApp. You should be on version 2.19.134.
If there’s no option to update, you’re likely running the most updated version of WhatsApp.