The vulnerability in the WhatsApp audio call feature allows hackers to install spyware on iPhone and Android phones. The attack is expected to be limited in scope, but you must immediately update WhatsApp.
By default, end-to-end WhatsApp encryption is one of Facebook’s biggest security resources – but even this doesn’t help if the application is attacked. The company Mark Zuckerberg has discovered sophisticated cyber attacks used in messaging applications, which are used by more than 1.5 billion people worldwide.
In early May, the company’s security engineer discovered software weaknesses in the WhatsApp audio call feature. The question is that phone calls to Android and iPhone versions of WhatsApp can allow installation of malware to monitor user behavior.
Software encryption errors continue to occur, but this is different. What makes this case very worrying is that WhatsApp considers it more than the language that has problems in your application. Vulnerability seems to be used actively and is used as a monitoring method.
“This attack has all the characteristics of private companies that are known to work with the government to spread spyware which, according to information, takes over the functions of mobile operating systems,” WhatsApp said. The Financial Times, which brought the story for the first time, said the software came from the Israeli NSO group. This company is famous for developing technology to hack phones.
A London-based lawyer who filed a lawsuit against a Mexican non-profit organization, journalist and activist, a Saudi dissident and a Qatari citizen reportedly installed spyware on his cellphone. It is not known who carried out the attack. An NSO spokesman said the technology was used by intelligence agencies and law enforcement agencies around the world, and the company itself “would or could not use its technology to focus its attention on someone or organization.”
“We have told a number of human rights organizations to share information and work with them to inform civil society,” said a WhatsApp spokesman. During an internal investigation, the company has not announced how many people will be affected. Because the attack targeted individual telephone numbers, it might be used to target certain people, not as part of a random mass attack.
Installing spyware on a mobile phone, however, is very annoying and may give the attacker a large amount of information, although in some cases it has worked. Spyware can record everything and access what happens to the cellphone before the data is sent back to the attacker. Because spyware works on mobile phones, encrypted end-to-end messages, like that via WhatsApp, because they have direct access to operations on the device.
WhatsApp says its engineers have worked hard to fix bugs since it was discovered. He has handled many topics of accounting for short-term securities. It is said that vulnerabilities in VoIP software are permitted to be run remotely on the device. The attack can succeed even if the phone call is not answered.
To update WhatsApp to the latest version
So what can you do? The most important step in ensuring that your phone is not affected by WhatsApp attacks is to update the version of the application that is running on your device.
Facebook has released the latest version of its Android and iOS applications. This prevents the start of an attack and disables it if it has been executed. The company claims that the Android version of the application was affected before v2.19.134 and that the iOS version before v2.19.51 can be used. The attack also works on the Windows Phone and Tizen WhatsApp versions.
On Android, to update WhatsApp, visit the Play Store, touch the menu, go to the Applications & Games tab, then select the update option next to the application. Also visit the Apple App Store on your iPhone or iPad, open the Update section, then touch the WhatsApp icon to get the latest version of the application. It’s just a solution that takes a few minutes to download. When in the App Store, you must update all other applications with the new version.
Even though it doesn’t do anything to prevent this attack, there are several other basic WhatsApp security protocols that can be managed to make your account safer. With WhatsApp, you can activate backup conversations in your chosen cloud service – iCloud and Google Drive are options. This is useful for viewing your old messages in the future. However, they do not have the same protection as the encrypted version of end-to-end messages.
Chat registers stored in cloud services are still encrypted. However, because it is stored by an external company, the police or law enforcement agencies can request copies of data from external hosts. They can be decrypted. Muller, US survey investigator, accesses the chat log. Backup can be disabled in WhatsApp settings.
It is also possible to use WhatsApp two-factor authentication. If you enable settings, you must periodically enter a user-specified verification code before you can access calls on WhatsApp. Although spyware is not prevented from retrieving information about your device, two-factor authentication can help stop access to WhatsApp calls if your cellphone is stolen or lost.