Updates are annoying. But you really need to update WhatsApp on your phone.
The Facebook-owned messaging platform is urging its approximately 1.5 billion users to upgrade to the latest version of the app, which contains a fix to a security breach first reported by the Financial Times (paywall) yesterday. In a statement (paywall), WhatsApp also encouraged users to update their mobile operating system, “to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
The breach exploited a vulnerability in the messaging app to allow hackers to remotely install surveillance software onto iOS and Android phones. WhatsApp discovered the vulnerability in early May and started rolling out a fix in recent days. It told the Financial Times it did not yet know how many users had been affected.
The FT reported that the malicious code used in the hack was developed by Israeli company NSO Group. The company is best known for its spying software Pegasus, which can remotely activate a phone’s microphone and camera and collect location data. Watchdog groups claim NSO has sold Pegasus to foreign governments with dubious human-rights records, which have used it to target activists and journalists (paywall) around the world.
NSO said it was investigating the breach and denied that it would target individuals or companies using its technology, “which is solely operated by intelligence and law enforcement agencies.”
WhatsApp did not confirm the FT’s report that NSO code was used in the breach, but said in a statement: “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”
To update the app, go to the Google Play store on your Android, or App Store on your iPhone. It the update hasn’t automatically happened, you will see an option to install the latest version.